Full Path Disclosure in password lock
Unknown
Vulnerability Details
Hi,
Password input must be string but not checked in PasswordLock lib,
It will throw an exception on `hash` function call
Warning: hash() expects parameter 2 to be string
So you must validate it in `hashAndEncrypt` and `decryptAndVerify`
Regards
Actions
View on HackerOneReport Stats
- Report ID: 115422
- State: Closed
- Substate: informative