| 제목 | Control iD Panel - Password stored in Cookies |
|---|
| 설명 | The application Control iD Panel stores user and clear text password in cookies that allows attackers to disclosure credentials, we detected this vulnerability after logging into the application and viewing the cookies stored in the browser.
Attack vector:
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the application.
Credits:
Leonardo Teodoro, Luigi Polidório, Red Team Softwall |
|---|
| 원천 | ⚠️ https://l6x.notion.site/PoC-Improper-Authentication-efe05964ff604beeac15f693c1e01dd6?pvs=4 |
|---|
| 사용자 | LuigiSoftwall (UID 51872) |
|---|
| 제출 | 2023. 07. 31. PM 06:11 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 08. 16. PM 11:06 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 237380 [Control iD Gerencia Web 1.30 Cookie 약한 암호화] |
|---|
| 포인트들 | 17 |
|---|