I found four vulnerabilities related to user management authority. #12

Open
k3ppf0r opened this issue Jun 4, 2024 · 0 comments


k3ppf0r commented Jun 4, 2024

Version

master branch

Vulnerability List

The first vulnerability: 14Finger User Sensitive Information Leakage Vulnerability
The second vulnerability: 14Finger User privilege escalation vulnerability
The third vulnerability: 14Finger Arbitrary user deletion vulnerability
The fourth vulnerability: 14Finger Arbitrary User Password Reset Vulnerability

Summary:

14Finger does not strictly verify the identity permission of the current user operation, which causes the user to operate functions beyond the scope of his/her management permission, thus operating some behaviors that the user cannot operate.

Repair suggestions:

  1. API authentication
  2. principle of least privilege

For more vulnerability details, please refer to the PDF.
14Finger User Sensitive Information Leakage Vulnerability.pdf
14Finger User privilege escalation vulnerability.pdf
14Finger Arbitrary user deletion vulnerability.pdf
14Finger Arbitrary User Password Reset Vulnerability.pdf
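
An added example, not part of the original issue and not 14Finger's own code: a server-side authorization check that applies the two repair suggestions (API authentication, least privilege) to the four operations the report lists. The role names, field names and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed field names; a real user model will differ.
NEVER_RETURNED = {"password_hash"}
OWNER_OR_ADMIN = {"email", "api_token"}


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "admin" or "user"; loaded from the server-side session, never from request data


class Forbidden(Exception):
    """The authenticated actor may not perform the requested action."""


def authorize(actor, action, target_id):
    """Run before every user-management handler; denies by default."""
    if actor is None:  # API authentication: no valid session, no access
        raise Forbidden("authentication required")
    is_admin = actor.role == "admin"
    is_self = actor.id == target_id
    rules = {
        "view": True,                           # fields are filtered in view_user
        "reset_password": is_admin or is_self,  # no resets for other accounts
        "delete": is_admin,                     # no deletion by ordinary users
        "set_role": is_admin and not is_self,   # no self-service role changes
    }
    if not rules.get(action, False):            # unknown actions are rejected
        raise Forbidden(f"user {actor.id} may not {action} user {target_id}")


def view_user(actor, record):
    """Return a user record with fields the actor is not entitled to removed."""
    authorize(actor, "view", record["id"])
    privileged = actor.role == "admin" or actor.id == record["id"]
    hidden = NEVER_RETURNED if privileged else NEVER_RETURNED | OWNER_OR_ADMIN
    return {k: v for k, v in record.items() if k not in hidden}


def is_allowed(actor, action, target_id):
    """Boolean wrapper around authorize, convenient for tests and audits."""
    try:
        authorize(actor, action, target_id)
        return True
    except Forbidden:
        return False
```

The decision depends only on the authenticated session's identity and role, so a user id or role supplied in the request cannot widen what the caller may do.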
