Changelog

#1 – BROKEN AUTHORIZATION SCHEMA  

Introduction

A vulnerability identified by Nils Putnins (researcher at NCSC) allows an attacker to access services without any authentication required.

Vulnerability details

The authorization controls within the application are incorrectly implemented. Requests towards endpoints contain no cookies or other authentication mechanisms, allowing the actions to be undertaken by a regular application visitor.

Impact analysis

[…]

#2 – SQL INJECTION

Introduction

A vulnerability identified by Nils Putnins (researcher at NCSC) allows an attacker to access services without any authentication required.

Vulnerability details

SQL Injection is a type of security vulnerability that occurs when an attacker inserts malicious SQL code into an input field of a web application. This allows the attacker to manipulate the application’s […]