| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFzAN86zmi66Zp5R8sLjr1KPLgZzB7VbZ+F4cvkd-KMvTJDSVg@mail.gmail.com> Date: Mon, 27 Jan 2025 16:30:18 +0400 From: Shaikh Shahnawaz <sshahnawaz99910@...il.com> To: fulldisclosure@...lists.org Subject: [FD] AutoLib Software Systems OPAC Version.20.10 | Exposure of Sensitive Information | CVE-2024-48310 [+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC [+] twitter.com/_striv3r_ [Vendor] Autolib-india http://autolib-india.net/products.php [Product] AutoLib Software Systems OPAC Version.20.10 [Affected Component] main.js file [CVE Reference] CVE-2024-48310 [Security Issue] AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Attackers may use these keys to access the backend API or other sensitive information. [Attack Vectors] After obtaining the API key, an attacker can use tools such as curl, Postman, or custom scripts to craft unauthorized requests to the target API. [Network Access] Remote [Severity] High [Disclosure Timeline] Vendor Notification: September 10, 2024 Vendor released fixed: September 25, 2024 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists