Cleartext Password returned in JSON response

Disclosed: 2018-03-04 06:36:23 By ryudox To pushwoosh
Low
Vulnerability Details
Password was returned in the JSON response (for changing the password), which could be recovered by accessing the firefox.exe memory dump. The password string is persistent in RAM (even after restarting the Firefox application) until you restart the computer. Refer to the .docx for more information.
Report Stats
  • Report ID: 215083
  • State: Closed
  • Substate: resolved
  • Upvotes: 5
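
A regression check for the class of issue reported above, as an added example that is not part of the original report or Pushwoosh's code: it walks a JSON response and flags credential-named fields as well as any string that echoes the secret the client just submitted. The key names, the sample responses and the password value are constructed assumptions.

```python
import json

# Field names treated as credential-bearing (an assumption for this example).
SENSITIVE_KEYS = {"password", "new_password", "old_password", "passwd"}

def find_leaks(body, submitted_secrets=(), path="$"):
    """Return JSON paths where a response carries a credential field
    or echoes a secret the client submitted in the request."""
    leaks = []
    if isinstance(body, dict):
        for key, value in body.items():
            child = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS and value not in (None, ""):
                leaks.append(child)
            else:
                leaks.extend(find_leaks(value, submitted_secrets, child))
    elif isinstance(body, list):
        for i, item in enumerate(body):
            leaks.extend(find_leaks(item, submitted_secrets, f"{path}[{i}]"))
    elif isinstance(body, str):
        # Value-based check: catches a secret echoed under an innocuous key.
        if any(s and s in body for s in submitted_secrets):
            leaks.append(path)
    return leaks

def redact(body):
    """Return a copy of the response with credential-named fields dropped."""
    if isinstance(body, dict):
        return {k: redact(v) for k, v in body.items()
                if k.lower() not in SENSITIVE_KEYS}
    if isinstance(body, list):
        return [redact(v) for v in body]
    return body

# Constructed responses for a hypothetical password-change endpoint.
SECRET = "N3w-Passw0rd!"
VULNERABLE = json.loads(
    '{"status": "ok", "user": {"email": "a@example.test", "password": "N3w-Passw0rd!"}}')
ECHOED = json.loads(
    '{"status": "ok", "message": "Password changed to N3w-Passw0rd!"}')

if __name__ == "__main__":
    for name, resp in (("vulnerable", VULNERABLE), ("echoed", ECHOED),
                       ("redacted", redact(VULNERABLE))):
        print(name, find_leaks(resp, submitted_secrets=[SECRET]))
```

Key-based redaction alone does not remove the echoed message in the second sample, which is why the check also compares response strings against the submitted value.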