# Disclosure of the valid Cognizant credentials at the Postman collection
Vulnerability Details
## Summary:
Hello Team,
Valid Cognizant credentials are disclosed in a public Postman collection - https://www.postman.com/shraddhayadav5/workspace/kpps/request/9872637-8d64d15c-1101-4d9c-b055-f8b45b3edce4.
{F2783662}
## Steps To Reproduce:
1. Visit the mentioned Postman collection - https://www.postman.com/shraddhayadav5/workspace/kpps/request/9872637-8d64d15c-1101-4d9c-b055-f8b45b3edce4
2. Gather the credentials and send the following request:

```http
POST /auth/realms/eukiaidm/protocol/openid-connect/token HTTP/2
Host: eu-accountstg.kia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, be
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers
Content-Type: application/x-www-form-urlencoded
Content-Length: 149

grant_type=password&client_id=kpps&client_secret=294d7b2b-e17c-42e0-9d8c-b1ac0bab5aa4&[email protected]&password=May@2023
```
A token is returned, which confirms that the credentials are valid:
{F2783669}
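The root cause here is a collection published with literal credentials (a client secret and a password) in a request body. The check below is an added example, not part of this report or of Postman's tooling: it walks a Postman Collection v2.1 JSON export and reports every literal value stored under a sensitive-looking key in collection variables, request headers, and `urlencoded` or `raw` form bodies, skipping `{{variable}}` references, which are the supported way to keep such values out of the shared document. The collection embedded in the script is constructed, and every value in it is a placeholder.

```python
import json
import re
from urllib.parse import parse_qsl

# Constructed Postman Collection v2.1 export used as sample input; this is
# not the collection from the report and every value is a placeholder.
SAMPLE_COLLECTION = {
    "info": {"name": "example-workspace"},
    "variable": [
        {"key": "base_url", "value": "https://idp.example.test"},
        {"key": "client_secret", "value": "00000000-1111-2222-3333-444444444444"},
    ],
    "item": [
        {
            "name": "get token",
            "request": {
                "method": "POST",
                "header": [
                    {"key": "Content-Type", "value": "application/x-www-form-urlencoded"},
                    {"key": "Authorization", "value": "Basic ZXhhbXBsZTpwbGFjZWhvbGRlcg=="},
                ],
                "url": {"raw": "{{base_url}}/auth/realms/example/protocol/openid-connect/token"},
                "body": {
                    "mode": "urlencoded",
                    "urlencoded": [
                        {"key": "grant_type", "value": "password"},
                        {"key": "client_id", "value": "example-client"},
                        {"key": "client_secret", "value": "{{client_secret}}"},
                        {"key": "username", "value": "svc-user@example.test"},
                        {"key": "password", "value": "Placeholder@2023"},
                    ],
                },
            },
        },
        {
            "name": "folder",
            "item": [
                {
                    "name": "raw body",
                    "request": {
                        "method": "POST",
                        "url": {"raw": "{{base_url}}/api"},
                        "body": {"mode": "raw",
                                 "raw": "grant_type=client_credentials&client_secret=abc123&scope=read"},
                    },
                }
            ],
        },
    ],
}

# Key names that usually carry a credential; matched case-insensitively.
SENSITIVE_KEY = re.compile(r"(password|passwd|secret|api[_-]?key|token|authorization)", re.I)
# A value that is only a {{variable}} reference is resolved from an environment, not stored here.
TEMPLATE_REF = re.compile(r"^\{\{.*\}\}$")


def _is_concrete(value):
    """True when the value is a literal rather than empty or a {{variable}} reference."""
    return bool(value) and not TEMPLATE_REF.match(value.strip())


def _walk_items(items, path):
    """Yield (path, request) for every request, descending into folders."""
    for it in items:
        here = path + [it.get("name", "?")]
        if "item" in it:
            yield from _walk_items(it["item"], here)
        if "request" in it:
            yield here, it["request"]


def find_secrets(collection):
    """Return (location, key, value) triples for literal secrets in a collection dict."""
    findings = []
    for var in collection.get("variable", []):
        if SENSITIVE_KEY.search(var.get("key", "")) and _is_concrete(var.get("value", "")):
            findings.append(("collection.variable", var["key"], var["value"]))
    for path, req in _walk_items(collection.get("item", []), []):
        loc = "/".join(path)
        for h in req.get("header", []):
            if SENSITIVE_KEY.search(h.get("key", "")) and _is_concrete(h.get("value", "")):
                findings.append((loc + " [header]", h["key"], h["value"]))
        body = req.get("body") or {}
        mode = body.get("mode")
        if mode == "urlencoded":
            pairs = [(p.get("key", ""), p.get("value", "")) for p in body.get("urlencoded", [])]
        elif mode == "raw":
            # Raw bodies are often form-encoded token requests; parse them the same way.
            pairs = parse_qsl(body.get("raw", ""), keep_blank_values=True)
        else:
            pairs = []
        for k, v in pairs:
            if SENSITIVE_KEY.search(k) and _is_concrete(v):
                findings.append((loc + f" [body:{mode}]", k, v))
    return findings


if __name__ == "__main__":
    # Values are truncated so the scanner's own output does not leak them into logs.
    for loc, key, value in find_secrets(json.loads(json.dumps(SAMPLE_COLLECTION))):
        print(f"{loc}: {key} = {value[:4]}...")
```

Run it against a real export with `find_secrets(json.load(open("collection.json")))`; a non-empty result means the collection should not be shared until the literal values are moved into an environment or replaced with `{{variable}}` references. The key-name heuristic is deliberately broad, so expect a few benign hits (for example a header literally named `Token-Format`) and review them rather than tuning the pattern too tightly.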
## Impact
The impact can vary and is a subject for program owners to decide.
Report Stats
- Report ID: 2214499
- State: Closed
- Substate: informative
- Upvotes: 2