| عنوان | Control iD Panel - Password stored in Cookies |
|---|
| الوصف | The application Control iD Panel stores user and clear text password in cookies that allows attackers to disclosure credentials, we detected this vulnerability after logging into the application and viewing the cookies stored in the browser.
Attack vector:
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the application.
Credits:
Leonardo Teodoro, Luigi Polidório, Red Team Softwall |
|---|
| المصدر | ⚠️ https://l6x.notion.site/PoC-Improper-Authentication-efe05964ff604beeac15f693c1e01dd6?pvs=4 |
|---|
| المستخدم | LuigiSoftwall (UID 51872) |
|---|
| ارسال | 31/07/2023 06:11 PM (3 سنوات منذ) |
|---|
| الاعتدال | 16/08/2023 11:06 PM (16 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 237380 [Control iD Gerencia Web 1.30 Cookie تشفير ضعيف] |
|---|
| النقاط | 17 |
|---|