Email exposure of users to an authorized user
# Description

Hello, this report concerns an endpoint (`/api/status`) that leaks the information of all users, including names, email addresses, roles and OpenIDs, to any authenticated user.

# Steps to reproduce
1. Build the web app.
2. Host it either locally or on a server.
3. Add some users with their data.
4. Visit https://localhost:5230/api/status.
5. All the users and their data are visible in the response.
# Attack scenario

Anyone can build this web app on a server (e.g. https://example.com); an authenticated user can then visit https://example.com/api/status and fetch all the data of the users.
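The pattern behind this class of bug is a status handler that serialises whole user records instead of the few aggregate values a status check needs. The following is an added example, not code from the reported application (whose framework the report does not name): two plain functions return the dictionary the endpoint would serialise, one in the leaky shape and one using an allow-list, and a small checker walks a response and reports any key that names a sensitive field, which is handy as a regression test on endpoint output. The user records, field names and function names are all constructed for the example.

```python
"""Added example: a status endpoint that dumps user records versus one that
exposes only aggregate data, plus a checker for sensitive keys in a response.
Not the reported application's code; all names and data are constructed."""
from dataclasses import dataclass, asdict
import json

# Fields that must never appear in a status response. Assumption: these mirror
# what the report says was exposed (names, emails, roles, OpenID identifiers).
SENSITIVE_FIELDS = {"name", "email", "role", "openid"}


@dataclass
class User:
    name: str
    email: str
    role: str
    openid: str


# Constructed sample data standing in for the application's user table.
USERS = [
    User("Alice Example", "alice@example.com", "admin", "oidc|alice-0001"),
    User("Bob Example", "bob@example.com", "user", "oidc|bob-0002"),
]


def status_vulnerable(users):
    """Leaky shape: every user object is serialised into the status reply."""
    return {"status": "ok", "users": [asdict(u) for u in users]}


def status_hardened(users):
    """Allow-list serialisation: only non-identifying aggregate values leave."""
    return {"status": "ok", "user_count": len(users)}


def find_sensitive_keys(payload, path=""):
    """Walk a JSON-like structure and return the paths of every key whose name
    is in SENSITIVE_FIELDS. An empty list means the response exposes none."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in SENSITIVE_FIELDS:
                hits.append(here)
            hits.extend(find_sensitive_keys(value, here))
    elif isinstance(payload, list):
        for index, item in enumerate(payload):
            hits.extend(find_sensitive_keys(item, f"{path}[{index}]"))
    return hits


if __name__ == "__main__":
    for label, handler in (("vulnerable", status_vulnerable),
                           ("hardened", status_hardened)):
        body = handler(USERS)
        print(label, json.dumps(body))
        print("  sensitive keys:", find_sensitive_keys(body))
```

Running the checker against the actual endpoint's JSON (after fixing the handler) turns the report's finding into a test that fails if a future change reintroduces per-user fields into the status reply.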
