The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.

A flaw was found in the Keycloak package, more specifically. When a user registers through the registration flow, the "password" and "password-confirm" fields from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users' attributes, allowing a malicious user with minimal access to retrieve the users' passwords in clear text, jeopardizing their environment.

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.