| शीर्षक | Mohammed-eid35 bank-management-system-springboot 1 Authentication Bypass by Primary Weakness |
|---|
| विवरण | A vulnerability has been found in Mohammed-eid35 bank-management-system-springboot. The application exposes /transaction/deposit and /transaction/withdraw to unauthenticated users because /transaction/** is configured with permitAll() in the Spring Security configuration. Any unauthenticated request can reach these endpoints. The backend does not verify the current user identity or account ownership before processing the transaction. Instead, it directly processes transactions based on the supplied transaction identifiers: a valid card_number is sufficient for deposits, and a valid card_number plus cvv is sufficient for withdrawals. This allows unauthorized deposits and withdrawals and direct modification of account balances without a valid authenticated session.
|
|---|
| स्रोत | ⚠️ https://github.com/Mohammed-eid35/bank-management-system-springboot/issues/8 |
|---|
| उपयोगकर्ता | wr0ld (UID 98487) |
|---|
| सबमिशन | 24/05/2026 03:35 PM (19 दिन पहले) |
|---|
| संयम | 07/06/2026 06:04 PM (14 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 369141 [Mohammed-eid35 bank-management-system-springboot तक 7b9bcc65ad7df3db29af71aed9bb500e5f24d948 Transaction Endpoint TransactionController.java अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|