admin password disclosure via log file
Medium
Vulnerability Details
Hi
I have log file disclose admin password on https://www.devicelock.com/log.txt
u can see md5 password in log file ,
```
2020-03-20 08:12:15 - main - <br>Module: change password (4.1.2)<br>change_password=yes;/forum/forum_auth.php;login=admin;md5=2bca2f877b7a727861b59f4a4039d2e9
```
## Impact
this information (admin password) can lead to admin account takeover
Actions
View on HackerOneReport Stats
- Report ID: 1121972
- State: Closed
- Substate: resolved
- Upvotes: 41