| Title | Control iD Panel - Password stored in Cookies |
|---|
| Description | The application Control iD Panel stores user and clear text password in cookies that allows attackers to disclosure credentials, we detected this vulnerability after logging into the application and viewing the cookies stored in the browser.
Attack vector:
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the application.
Credits:
Leonardo Teodoro, Luigi Polidório, Red Team Softwall |
|---|
| Source | ⚠️ https://l6x.notion.site/PoC-Improper-Authentication-efe05964ff604beeac15f693c1e01dd6?pvs=4 |
|---|
| User | LuigiSoftwall (UID 51872) |
|---|
| Submission | 07/31/2023 18:11 (3 years ago) |
|---|
| Moderation | 08/16/2023 23:06 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 237380 [Control iD Gerencia Web 1.30 Cookie cleartext storage] |
|---|
| Points | 17 |
|---|