| Titel | didi DDMQ 1.0 Authorization Bypass |
|---|
| Beschreibung | In DDMQ console module through all the versions, a specially crafted request may cause an authentication bypass. Attackers can add “/;login” at the tail of authorization-required urls to bypass the authentication and retrieve sensitive information. |
|---|
| Quelle | ⚠️ https://github.com/didi/DDMQ/issues/37 |
|---|
| Benutzer | gaogaostone (UID 53740) |
|---|
| Einreichung | 10.10.2024 09:32 (vor 2 Jahren) |
|---|
| Moderieren | 18.10.2024 21:54 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 280957 [didi DDMQ 1.0 Console schwache Authentisierung] |
|---|
| Punkte | 17 |
|---|