| タイトル | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Improper Privilege Management |
|---|
| 説明 | In e-Clinic Healthcare System (ECHS) v5.7, a privileged administrative credential is embedded in a client-side JavaScript file at `/cdemos/echs/priv/echs.js` and is used as authentication material via an `X-Admin-Key` request header. The JavaScript (and embedded key) can be retrieved over HTTP(S), and the administrative key can be extracted and then used remotely in HTTP(S) requests to enable unauthorized use of administrative functionality |
|---|
| ソース | ⚠️ https://docs.google.com/document/d/1w1veNs8I3nxsVxbSiIgJmt-4S5a0rW0bvjDvEe7iDr0/edit?usp=sharing |
|---|
| ユーザー | Anonymous User |
|---|
| 送信 | 2026年04月09日 07:30 (2 月 ago) |
|---|
| モデレーション | 2026年05月06日 14:17 (27 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 361358 [PicoTronica e-Clinic Healthcare System ECHS 5.7 echs.js ADMIN_KEY 弱い認証] |
|---|
| ポイント | 20 |
|---|