| Title | didi DDMQ 1.0 Authorization Bypass |
|---|
| Description | In DDMQ console module through all the versions, a specially crafted request may cause an authentication bypass. Attackers can add “/;login” at the tail of authorization-required urls to bypass the authentication and retrieve sensitive information. |
|---|
| Source | ⚠️ https://github.com/didi/DDMQ/issues/37 |
|---|
| User | gaogaostone (UID 53740) |
|---|
| Submission | 10/10/2024 09:32 (2 years ago) |
|---|
| Moderation | 10/18/2024 21:54 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 280957 [didi DDMQ 1.0 Console improper authentication] |
|---|
| Points | 17 |
|---|