| Title | elunez eladmin <=2.7 Sensitive Information Disclosure |
|---|---|
| Description | In eladmin versions up to 2.7, the /auth/info endpoint returns user information without filtering entity fields. As a result, sensitive data including the user’s password hash is mistakenly returned, creating a risk of offline password brute-force attacks. |
| Source | https://github.com/elunez/eladmin/issues/885 |
| User | ez-lbz (UID 87033) |
| Submission | 2025-08-10 06:21 (11 months ago) |
| Moderation | 2025-08-20 13:07 (10 days later) |
| Status | Accepted |
| VulDB entry | 320773 [elunez eladmin up to 2.7 /auth/info information disclosure] |
| Points | 17 |