Declined
Last Updated: 03 Apr 2024 15:24 by Sagar
Created by: Sagar
Comments: 4
Category: UI for WinForms
Type: Bug Report
0
# Vulnerability Report: Account Takeover via Email Change Functionality

## Summary:
During security testing of the email change functionality on the Telerik website, it was discovered that the application can be vulnerable to an account takeover attack. The vulnerability allows an attacker to change the email address associated with an account to their own email address, effectively taking over the victim's account.

## Vulnerability Details:
- **Functionality Description:**
  - The Telerik website provides a functionality for users to request a change in their email address.
  - This functionality consists of two sections: current email and new email.
  - The current email is not accessible from the user interface, while the new email can be inputted by the user.
  - After inputting the new email and clicking the "Change Email" button, the user's request is processed.

- **Attack Scenario:**
  1. **Attacker Inputs Their Email:** The attacker inputs their own email address in the new email section.
  2. **Intercepting the Request:** Using interception tools, the attacker intercepts the request before it is sent to the server.
  3. **Modifying the Request:** The attacker modifies the request to replace their own email address with the victim's email address in the current email section.
  4. **Consent Form Manipulation:** Additionally, the attacker can manipulate the consent form associated with the email change request to gain access to the victim's account without their consent.
  5. **Changing the Email Address:** The modified request is forwarded to the server, resulting in the victim's email address being changed to the attacker's email address.



## Impact:
- **Account Takeover:** The vulnerability allows an attacker to take over the victim's account by changing the email address associated with it.
- **Data Access:** Once the attacker gains access to the victim's account, they may have unauthorized access to sensitive data and functionalities associated with the account.

## Mitigation Recommendations:
- **Input Validation:** Implement strict input validation to ensure that only legitimate email addresses are accepted in the new email section.
- **Consent Verification:** Require additional verification steps, such as email confirmation or user authentication, before processing email change requests.
- **Session Management:** Implement session management mechanisms to detect and prevent unauthorized access to account settings and functionalities.
- **Security Awareness:** Educate users about the risks of phishing attacks and social engineering tactics used by attackers to gain unauthorized access to accounts.

## Affected URL:
- Email Change Functionality: [https://www.telerik.com/account/support-center/email-change](https://www.telerik.com/account/support-center/email-change)

## Conclusion:
The discovered vulnerability poses a significant security risk to Telerik website users by allowing attackers to take over accounts through manipulation of the email change functionality. It is imperative for the development team to address this vulnerability promptly by implementing appropriate security controls and mitigations to safeguard user accounts from unauthorized access.

**Best Regards,**
Sagar Dhoot
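
The report's Consent Verification and Session Management recommendations, sketched as an added example that is not part of the original report or Telerik's code: the server takes the account from the authenticated session rather than from a client-supplied current-email field, and applies the change only after a signed, expiring confirmation token comes back on the same account. The function names, form field names, `SECRET`, `TOKEN_TTL` and the `ACCOUNTS` table are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
ACCOUNTS = {"u1": "victim@example.com", "u2": "attacker@example.net"}  # constructed data
TOKEN_TTL = 900  # seconds a confirmation token stays valid

def _sign(account_id, new_email, expires):
    msg = f"{account_id}|{new_email}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def request_email_change(session_account_id, form, now=None):
    """Validate the request and return a confirmation token (sent by email in practice)."""
    now = int(time.time() if now is None else now)
    current = ACCOUNTS[session_account_id]
    # The target account comes from the authenticated session, never from the form.
    # A submitted current_email that disagrees with the session is treated as tampering.
    submitted = form.get("current_email")
    if submitted is not None and submitted.strip().lower() != current:
        raise PermissionError("current_email does not match the session account")
    new_email = form.get("new_email", "").strip().lower()
    local, _, domain = new_email.partition("@")
    malformed = "@" in domain or any(c in new_email for c in " |")
    if not local or "." not in domain or malformed:
        raise ValueError("invalid new_email")
    expires = now + TOKEN_TTL
    mac = _sign(session_account_id, new_email, expires)
    return f"{session_account_id}|{new_email}|{expires}|{mac}"

def confirm_email_change(session_account_id, token, now=None):
    """Apply the change only for a valid, unexpired token bound to this session's account."""
    now = int(time.time() if now is None else now)
    try:
        account_id, new_email, expires, mac = token.split("|")
        expires = int(expires)
    except ValueError:
        raise PermissionError("malformed token")
    expected = _sign(account_id, new_email, expires)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise PermissionError("bad signature")
    if account_id != session_account_id or now > expires:
        raise PermissionError("token expired or issued for another account")
    ACCOUNTS[account_id] = new_email
    return new_email
```
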
Unplanned
Last Updated: 03 Apr 2024 10:41 by ADMIN

Windows Forms on .NET 6.0 / 7.0 / 8.0 diverges more and more from .NET Framework 4.x.

Please release a version of the Demo Application that is based on the current Microsoft Release.


Unplanned
Last Updated: 01 Apr 2024 13:43 by ADMIN

Hi

It would be cool if the SyntaxEditor automatically changed the default palette if the selected scheme was dark.

Regards

Erwin

Unplanned
Last Updated: 22 Mar 2024 15:13 by ADMIN
Created by: Arturo
Comments: 1
Category: UI for WinForms
Type: Feature Request
1

Hi,

Please add a property or method to the RadWebCam control to set the video bit rate or quality. Currently it is fixed at 4 mbits and it results in very poor image quality at high resolutions.

Please find attached images to see the difference between snapshot and video recording. With fast-moving pictures it is even worse.

Thanks.

 

Completed
Last Updated: 13 Mar 2024 08:49 by ADMIN
Release 2024.1.312
The Windows 11 Compact theme does not show up in my Toolbox.
Completed
Last Updated: 13 Mar 2024 08:49 by ADMIN
Release 2024.1.312
Created by: Tinus
Comments: 1
Category: UI for WinForms
Type: Bug Report
0
You cannot use the component in a .NET project, yet it is available in .NET Framework.
Completed
Last Updated: 13 Mar 2024 08:49 by ADMIN
Release 2024.1.312
Completed
Last Updated: 13 Mar 2024 08:49 by ADMIN
Release 2024.1.312

RadVirtualGrid is created to support a million records or more. Still it contains some "heavy" operations like CopySelection/CutSelection/Paste which can take a long time.

I would like to intercept these methods so I can show a "Please wait"-window during the operation. Furthermore, I need to set a flag to true when such an operation is executing.

Unplanned
Last Updated: 05 Mar 2024 12:59 by ADMIN
Implement the export of notes (footnote, endnote) in the RtfFormatProvider of the RadRichTextEditor.
Declined
Last Updated: 01 Mar 2024 13:13 by ADMIN

The PerformClick method of RadButtonElement is throwing the following error:

System.InvalidCastException: 'Unable to cast object of type 'System.EventArgs' to type 'System.Windows.Forms.MouseEventArgs'.

Find my code below:

    private void btnAddField_Click(object sender, EventArgs e)
    {
        RadDiagramShape sourceShape = new RadDiagramShape()
        {
            Text = "source",
            Shape = new RoundRectShape(5),
            BackColor = Color.Red
        };

        sourceShape.Position = new Telerik.Windows.Diagrams.Core.Point(150, 100);
        radDiagram.AddShape(sourceShape);

        sourceShape.IsSelected = true;
        RadButtonElement additionalContent = Telerik.WinControls.UI.Diagrams.Primitives.ItemInformationAdorner.GetAdditionalContent(
                                                this.radDiagram.DiagramElement.ItemInformationAdorner) as RadButtonElement;

        additionalContent.PerformClick();
    }

What I want is to display the SettingsPane automatically when adding a RadDiagramShape item in a RadDiagram

Regards

Planned
Last Updated: 21 Feb 2024 11:15 by ADMIN
Remove warning in VS when creating a project using our VS template targeting .Net 6 / 7
Declined
Last Updated: 20 Feb 2024 12:26 by ADMIN

Hi- When I add a Rad context menu to a RadToolbarForm, the toolbar vanishes from the designer after a build.  This is new behavior because I have other context menus that I had previously added to the form.  If I drag a RadContextMenu from the toolkit, or I copy/paste an existing context menu, the toolbar disappears after a build.  I am running the latest release (2024.1.130) and toolkit config (although this also happens when running the previous Telerik release)

I tried closing the designer before the build and the toolbar still disappears.  Doing a Clean before build has no effect.  This form is inherited from a simple RadToolbar form (no controls except the toolbar).  The toolbar is still listed in the list of controls for the form

Ha!  Just found out what's happening.  It's deleting the toolbar configuration code from the designer code.  Everything below is gone.  If I add it back in, then do anything with the new context menu, like rename it, it gets removed again

            // 
            // RadToolbarFormControl1
            // 
            RadToolbarFormControl1.AutoSize = false;
            RadToolbarFormControl1.CenterItems.AddRange(new Telerik.WinControls.RadItem[] { RadLabelElement1, RadButtonElement_Task_New, RadButtonElement_Task_Edit, RadButtonElement_Task_Delete, RadCheckBoxElement_ShowCompleted });
            RadToolbarFormControl1.CenterItemsVerticalAlignment = Telerik.WinControls.UI.RadVerticalAlignment.Bottom;
            RadToolbarFormControl1.FarItems.AddRange(new Telerik.WinControls.RadItem[] { RadLabelElement_WorkHours, RadLabelElement_Work_StartDate, RadLabelElement_Work_EndDate, RadButtonElement_SelectDates, RadButtonElement_Invoices, RadButtonElement_Summary });
            RadToolbarFormControl1.NearItems.AddRange(new Telerik.WinControls.RadItem[] { RadLabelElement2, RadLabelElement_Projects, RadButtonElement_New, RadButtonElement_Edit, RadButtonElement_Delete, RadButtonElement_Refresh });
            RadToolbarFormControl1.ShowText = false;
            RadToolbarFormControl1.Size = new Size(1804, 52);

 

Here's my dev environment:

Microsoft Visual Studio Community 2022
Version 17.8.7
VisualStudio.17.Release/17.8.7+34601.278
Microsoft .NET Framework
Version 4.8.09037

Installed Version: Community

ActiveReports 16   16.3.1.0
The first report writer for Microsoft .NET

ASP.NET and Web Tools   17.8.358.6298
ASP.NET and Web Tools

Azure App Service Tools v3.0.0   17.8.358.6298
Azure App Service Tools v3.0.0

C# Tools   4.8.0-7.23572.1+7b75981cf3bd520b86ec4ed00ec156c8bc48e4eb
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Code Converter   1.0
Code Converter Extension Details

Common Azure Tools   1.10
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Microsoft JVM Debugger   1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

NuGet Package Manager   6.8.1
NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/

Progress Telerik UI for WinForms Extension   2023.3.1110.93
Progress® Telerik® UI for WinForms Extension

TypeScript Tools   17.0.20920.2001
TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools   4.8.0-7.23572.1+7b75981cf3bd520b86ec4ed00ec156c8bc48e4eb
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual F# Tools   17.8.0-beta.23475.2+10f956e631a1efc0f7f5e49c626c494cd32b1f50
Microsoft Visual F# Tools

Visual Studio IntelliCode   2.2
AI-assisted development for Visual Studio.

 

Declined
Last Updated: 16 Feb 2024 22:25 by ADMIN

I can't provide a project or even code snippets that would make sense out of context because the code base is too complex for an easy replication to be setup.

We are trying various things like calling Refresh, Update.

 

Hoping this is something you've encountered before and have some suggestions.

Declined
Last Updated: 16 Feb 2024 22:22 by ADMIN

I just upgraded to the latest version of Telerik products and am facing the issues described below.

When dragging and dropping Telerik UI objects from the toolbar onto a form, the dialog box below is displayed with a question, but there is no button to click to answer the question and I don't know where to stop it.

See screenshot attached.

Declined
Last Updated: 16 Feb 2024 22:18 by ADMIN

Hi All,

Note: I am using a bound RadTreeView, bound with a DataSource.

1. Take a RadTreeView.
2. Add a few nodes, like:
   - Node A
   - Node B
   - Node C
     - Node D
     - Node E
3. Now drag Node B and drop it in Node C (as Node C's child).
4. It throws an exception with the error message "Collection was modified; enumeration operation may not execute."
5. Now try to drag Node E and drop it in Node B; the same error occurs again.
6. I attached the full error screen here.

Please reply as soon as possible.

 

Declined
Last Updated: 16 Feb 2024 20:34 by ADMIN

Hello Guys,

 

Good evening. As per your suggestions, I made my custom treeview node with LiteVisualElements.

In that node I have taken one StackLayoutElement and assigned a RoundRectShape to it, but the panel still shows corners instead of round edges.

I tried different properties and styles but did not succeed, so please help me out.

Here I have attached an image of my node and the "stackLayoutElement" code too.

    spnlControls = new StackLayoutElement();
    spnlControls.Orientation = Orientation.Horizontal;
    spnlControls.NotifyParentOnMouseInput = true;
    spnlControls.DrawFill = true;
    spnlControls.DrawBorder = true;
    spnlControls.Shape = new RoundRectShape(4);
    spnlControls.BackColor = Color.Transparent;
    spnlControls.BackColor2 = Color.Transparent;
    spnlControls.BackColor3 = Color.Transparent;
    spnlControls.BackColor4 = Color.Transparent;
    spnlControls.BorderGradientStyle = GradientStyles.Solid;

Declined
Last Updated: 16 Feb 2024 20:33 by ADMIN
Created by: James
Comments: 2
Category: UI for WinForms
Type: Bug Report
0

Zooming in will throw an Exception that crashes the program.

The ZoomLevel needed to cause the exception is dependent on the area of the RadMap selected.

Provider: BingRestMapProvider

ImagerySet AerialWithLabelsOnDemand

 

 

Zooming in over Antarctica, Exception thrown zooming in at MapElement.ZoomLevel 14.

 

Zooming in over Australia, Exception thrown zooming in at MapElement.ZoomLevel 21.

 

Declined
Last Updated: 16 Feb 2024 20:32 by ADMIN
Created by: Kaan
Comments: 2
Category: UI for WinForms
Type: Feature Request
0

Hi,

I want to hide some columns of the table I received from Excel on RadGridView.

Declined
Last Updated: 16 Feb 2024 20:28 by ADMIN
The filter UI controls in ASP.NET Core and MVC are really nice, see filter. Can the same controls and UI be included in WinForms and WPF?
Declined
Last Updated: 16 Feb 2024 20:26 by ADMIN
Created by: Mario
Comments: 4
Category: UI for WinForms
Type: Feature Request
0

Hi everybody

 

I'm trying to use the class CustomDragandDrop on RadTreeView but I have an issue.

If I use the next example, I don't have any problem:

      

   protected void BindRadTreeView()
        {
            DataTable dt = new DataTable();
            dt.Columns.Add("Id", typeof(string));
            dt.Columns.Add("Title", typeof(string));
            dt.Columns.Add("ParentId", typeof(string));

            string parentId = string.Empty;
            string childId = string.Empty;
            for (int i = 0; i < 2; i++)
            {
                parentId = Guid.NewGuid().ToString();
                dt.Rows.Add(parentId, "Node" + i, null);
                for (int j = 0; j < 5; j++)
                {
                    childId = Guid.NewGuid().ToString();
                    dt.Rows.Add(childId, "SubNode" + i + "." + j, parentId);
                }
            }

            this.radTreeView1.ChildMember = "Id";
            this.radTreeView1.ParentMember = "ParentId";
            this.radTreeView1.DisplayMember = "Title";
            this.radTreeView1.DataSource = dt;


        }

 

I can drag and drop correctly,

but the problem is when I bind the RadTreeView:

 

                       

    protected void llenatreeview1() {

            dtTablas = dat.consultaBD();

            DataTable dt = new DataTable();
            dtCopi.Columns.Add("Id", typeof(string));
            dtCopi.Columns.Add("Title", typeof(string));
            dtCopi.Columns.Add("ParentId", typeof(string));

            string parentId = string.Empty;
            string Id = string.Empty;
            string title = string.Empty;
            foreach (DataRow row in dtTablas.Rows)
            {
                parentId = row["ParentId"].ToString();     

                Id = row["Id"].ToString();
                title = row["Title"].ToString();

                if (parentId == "")
                    dt.Rows.Add(Id, title, null);
                else
                    dt.Rows.Add(Id, title, parentId);
            }

            radTreeView2.ChildMember = "Id";
            radTreeView2.ParentMember = "ParentId";
            radTreeView2.DisplayMember = "Title";
            radTreeView2.DataSource = dt;
        }

First it freezes and then the error appears.

When I drag and drop, the following error appears:

System.StackOverflowException

What am I doing wrong? Please help. Thanks.