authentication bypass
Medium
U.S. Dept Of Defense
Reported by
xandsz
Vulnerability Details
Technical details and impact analysis
**Description:**
Hello team!
At the endpoint https://www.████████/852585B6003EBA25/Login.html?open there is a page to log in!
However, it is possible to ignore this page using just a single quote '
Let's go!
1. Go to https://www.███████/852585B6003EBA25/Login.html?open
2. In the login field, put a single quote '
3. Boom! Now you have access to the portal, completely ignoring the login and password field!!

Little video:
███
## Impact
Improper Authentication
## System Host(s)
www.█████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
Let's go!
1. Go to https://www.████████/852585B6003EBA25/Login.html?open
2. In the login field, put a single quote '
3. Boom! Now you have access to the portal, completely ignoring the login and password field!!
## Suggested Mitigation/Remediation Actions
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Authentication - Generic