Zero-click account takeover due to API misconfiguration 🏂🎩
Critical
UPchieve
Team Summary
Official summary from UPchieve
Hacker reported that full account takeover was possible through exploitation of one of our forms. Hacker provided sufficient information to prove capability and how to remediate. Our team remediated the issue so that the takeover is no longer possible.
Reported by: zero_or_1
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Improper Access Control - Generic