Report #31908

Report Date
June 1, 2024
Status
Closed
Payout

SSL/TLS Issue on rooster.bean.money

Report Info

Report ID

#31908

Report type

Websites and Applications

Has PoC?

Yes

Target

rooster.bean.money

(Out of scope)

Impacts

Lack of valid SSL/TLS

Description

The SSL/TLS certificate for rooster.bean.money presents a hostname mismatch error because the common name (CN) or subject alternative names (SAN) listed in the certificate do not match the domain name. This mismatch can cause browsers to display security warnings, eroding user trust and exposing the site to potential man-in-the-middle (MitM) attacks. If this vulnerability is exploited in a production environment, it could lead to significant security breaches, loss of user trust, and potential regulatory non-compliance.

Vulnerability Details

The SSL/TLS certificate presented by rooster.bean.money has a common name (CN) of *.mesontracking.com, which does not match rooster.bean.money. This mismatch triggers browser warnings about potential security risks, indicating that the connection might not be secure. The specific error observed is:

None of the common names in the certificate match the name that was entered (rooster.bean.money). Common name: *.mesontracking.com

This error suggests that the SSL certificate was issued for a different domain and does not cover rooster.bean.money. This issue can be verified using tools like SSL Shopper's SSL Checker: https://www.sslshopper.com/ssl-checker.html#hostname=rooster.bean.money

Impact Details

The consequences of this vulnerability are significant:

  • User Trust: Users accessing rooster.bean.money will encounter security warnings, leading to a loss of trust and potential drop in user engagement.
  • Man-in-the-Middle (MitM) Attacks: Attackers could exploit this mismatch to intercept and manipulate traffic between users and the server, potentially stealing sensitive information or injecting malicious content.
  • Regulatory Compliance: Many regulatory frameworks require secure transmission of data. A hostname mismatch might result in non-compliance, leading to legal repercussions and fines.
  • Financial Loss: If the site handles financial transactions or sensitive user data, the exploitation of this vulnerability could lead to significant financial losses and data breaches.

References

https://www.sslshopper.com/ssl-checker.html#hostname=rooster.bean.money

Proof of concept

https://www.sslshopper.com/ssl-checker.html#hostname=rooster.bean.money
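The report relies on an online checker to demonstrate the mismatch. The following is an added example by the editor, not part of the whitehat's submission or Beanstalk's code, showing the hostname-matching rule a browser applies (RFC 6125 / RFC 9525): DNS subjectAltName entries are compared first and the subject CN is only a fallback when no DNS SAN exists, and a wildcard such as `*.mesontracking.com` matches exactly one left-most label. The certificate data in `SAMPLE_CERT` is constructed for illustration from the CN quoted above; it is not the real certificate chain served by the host. `fetch_peer_cert` is an assumed helper for pulling a live certificate in the same dictionary shape and is not exercised offline.

```python
"""Hostname-matching check for a TLS certificate (editor's added example)."""
import socket
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
# Only the CN "*.mesontracking.com" comes from the report; the SAN list is
# an assumption for illustration, not the real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.mesontracking.com"),),),
    "subjectAltName": (
        ("DNS", "*.mesontracking.com"),
        ("DNS", "mesontracking.com"),
    ),
}


def _name_matches(pattern: str, hostname: str) -> bool:
    """Compare one presented name against a hostname.

    Comparison is case-insensitive. A wildcard is honoured only as the whole
    left-most label, it matches exactly one label, and "*.com"-style patterns
    (no registered domain under the wildcard) are rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[2:]  # "*.mesontracking.com" -> "mesontracking.com"
    if "*" in suffix or "." not in suffix:
        return False
    head, sep, rest = hostname.partition(".")
    # Exactly one non-empty label may precede the suffix.
    return sep == "." and head != "" and rest == suffix


def presented_names(cert: dict) -> list[str]:
    """Names a verifier may match. DNS SANs, if present, override the CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if the certificate is valid for ``hostname`` under browser rules."""
    return any(_name_matches(name, hostname) for name in presented_names(cert))


def explain(cert: dict, hostname: str) -> str:
    """Human-readable verdict, mirroring the browser wording in the report."""
    names = ", ".join(presented_names(cert)) or "(none)"
    if hostname_matches(cert, hostname):
        return f"OK: {hostname} is covered by: {names}"
    return f"None of the names in the certificate match {hostname}. Presented: {names}"


def fetch_peer_cert(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Assumed helper: fetch the leaf certificate a server presents for SNI ``hostname``.

    Chain validation against the system trust store stays enabled; only the
    hostname check is switched off so a mismatched certificate can still be
    inspected instead of raising SSLCertVerificationError. Not run offline.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode remains CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for host in ("rooster.bean.money", "api.mesontracking.com", "a.b.mesontracking.com"):
        print(explain(SAMPLE_CERT, host))
```

Running the block against the constructed certificate reproduces the reported verdict for rooster.bean.money and also shows the two wildcard edge cases a practitioner usually trips over: the wildcard covers `api.mesontracking.com` but not the two-level `a.b.mesontracking.com`. To check the live host, replace `SAMPLE_CERT` with `fetch_peer_cert("rooster.bean.money")`.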

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
  • The claimed impact by the whitehat is in scope for the bug bounty program.
  • The claimed asset by the whitehat is not in scope for the bug bounty program.
  • A PoC has been submitted to the project.
  • The claimed severity is in scope for the bug bounty program.

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.