Critical IDOR - Get Authentication Details of any Terminal/Gatekeeper

Disclosed: 2016-06-12 16:05:39 By itly To veris

Unknown

Vulnerability Details

Hello Team, I have found a critical IDOR using which an attacker can get authentication details of any gatekeeper/terminal remotely by just changing the value of gatekeeper/terminal id. Proof of Concept: Please find it attached. Best Regards, Hely H. Shah

Actions

View on HackerOne

Report Stats

Report ID: 120293
State: Closed
Substate: resolved
Upvotes: 3

Critical IDOR - Get Authentication Details of any Terminal/Gatekeeper

Vulnerability Details

Actions

Report Stats

Share this report