[dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies
Medium
U
Ubiquiti Inc.
Submitted None
Team Summary
Official summary from Ubiquiti Inc.
Due to a development designed error page and insecure CORS Header in dev-unifi-go.ubnt.com, the researcher was able to demonstrate how an attacker could steal users cookies by luring the user to access a web page controlled by the attacker.
Actions:
Reported by
bobrov
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Exposure Through an Error Message