default ████ creds on https://████████

Disclosed: 2022-02-14 21:17:10 By pirateducky To deptofdefense
Critical
Vulnerability Details
**Description:** I can log into `https://███ using` `█████` as credentials ## Impact Can do anything an ██████████ can do in this application, Server Now ## Step-by-step Reproduction Instructions 1. go to `https://███████` 2. log in using `██████████` ## Suggested Mitigation/Remediation Actions use proper authentication, this might be a test account but it should still not use `███` as the creds ## Impact logged in as ████ ██████ as shown in the screenshot
Actions
View on HackerOne
Report Stats
  • Report ID: 711662
  • State: Closed
  • Substate: resolved
  • Upvotes: 4
Share this report