U.S. Dept Of Defense: Client side authentication leads to Auth Bypass
News category: Vulnerabilities
Source: vulners.com
Hi Team,

I have found that to access the data of the endpoint https://████████/███/?#/ a user has to submit a password/passphrase. When we provide a wrong password, we get an error message asking us to get password assistance: "Contact ████ for password assistance." After analyzing the JS file, I found that when the correct password is provided, a parameter is set in the localStorage: "███████:true"

Impact
Auth bypass leads to sensitive data exposure like phone number, email id, etc.

System Host(s)
██████

Affected Product(s) and Version(s)

CVE Numbers

Steps to Reproduce
1. Visit https://███/█████/?#/
2. Set a new parameter in local storage with name █████ and value true
3. Reload the page █████

Suggested Mitigation/Remediation... ...
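The pattern this report describes, next to a server-enforced alternative, as an added example that is not part of the original report or the affected site's code. The key name `unlocked`, the sample records, the 15-minute session lifetime and the injected `checkPassphrase` function are assumptions made for illustration.

```javascript
// Added example. "unlocked" is a hypothetical key name; the real one is redacted in the report.
const FLAG = "unlocked";
const RECORDS = [{ email: "user@example.test", phone: "555-0100" }]; // constructed sample data

// Minimal stand-in for window.localStorage so the demo runs outside a browser.
class FakeStorage {
  constructor() { this.m = new Map(); }
  getItem(k) { return this.m.has(k) ? this.m.get(k) : null; }
  setItem(k, v) { this.m.set(k, String(v)); }
}

// Vulnerable pattern: the data already ships with the page's JS and the only
// gate is a flag in storage that the user fully controls.
function vulnerableView(storage) {
  return storage.getItem(FLAG) === "true" ? RECORDS : null;
}

// CSPRNG: Node's crypto module under CommonJS, the Web Crypto global otherwise.
const rng = typeof require === "function" ? require("node:crypto") : globalThis.crypto;

// Hardened pattern: the server makes the decision and holds the data.
// checkPassphrase is injected and assumed to compare against a salted hash
// stored server-side.
function createServer(checkPassphrase) {
  const sessions = new Map(); // token -> expiry (ms since epoch)
  return {
    login(passphrase, now = Date.now()) {
      if (!checkPassphrase(passphrase)) return null;
      const token = rng.randomUUID(); // unguessable, created only by the server
      sessions.set(token, now + 15 * 60 * 1000);
      return token;
    },
    records(token, now = Date.now()) {
      const expiry = sessions.get(token);
      if (expiry === undefined || now >= expiry) {
        sessions.delete(token);
        return { status: 401, body: null }; // nothing sensitive leaves the server
      }
      return { status: 200, body: RECORDS };
    },
  };
}
```

In the hardened form, a value written into browser storage has no effect because the records are released only for a token the server itself issued and still considers valid.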