Cobalt Vulnerability Wiki


V4 - Access Control

Critically Sensitive Data - Password Disclosure

POC

- During directory brute forcing, observe that the /xxx directory returns passwords in cleartext. Brute force directories against the target and inspect every discovered path (for example configuration, backup or export files) for content that may reveal sensitive data. Before rating the finding, confirm that the disclosed values are live credentials rather than placeholder or sample data.


dirsearch -e all -t 5 -u <URL>
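Brute forcing alone only lists paths; the tester still has to read each 200 response to tell a real password leak from a harmless directory. The following triage helper, added here as an example and not part of the Cobalt wiki or of dirsearch, takes the saved response bodies of discovered paths, flags cleartext credentials in common formats (.env style KEY=value, JSON "password" keys, userinfo in connection URLs, XML <password> elements), skips template variables and documentation placeholders, and masks the secret for the report. The paths, response bodies and pattern set are constructed for the example.

```python
"""Triage helper for directory brute-force results: flag response bodies
that expose cleartext credentials and mask them for reporting.

Added example, not code from the Cobalt wiki or from dirsearch. It assumes
the tester has already saved (status, body) for each discovered path.
"""
import re

# Common cleartext credential formats. Each regex has exactly one capture
# group: the secret value itself.
CREDENTIAL_PATTERNS = {
    # KEY=value lines as found in .env / .properties / .ini files
    "env": re.compile(
        r'^\s*(?:[A-Z0-9_]*?PASS(?:WORD|WD)?|SECRET)[A-Z0-9_]*\s*[=:]\s*["\']?([^\s"\'#]+)',
        re.I | re.M),
    # "password": "value" in JSON or YAML-like dumps
    "json": re.compile(r'"(?:password|passwd|pwd)"\s*:\s*"([^"]+)"', re.I),
    # user:pass@host embedded in connection URLs (scheme://user:pass@host)
    "url_userinfo": re.compile(r'[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s/]+)@', re.I),
    # <password>value</password> in XML configuration
    "xml": re.compile(r'<password>\s*([^<\s]+)\s*</password>', re.I),
}

# Literal values that occupy a password slot but are not real secrets.
PLACEHOLDERS = {"changeme", "redacted", "null", "none", "todo", "example",
                "your_password", "your-password"}


def is_placeholder(value):
    """True for template variables and documentation placeholders."""
    v = value.strip().lower()
    if v in PLACEHOLDERS:
        return True
    # ${VAR}, $VAR, <password>, {{ var }}, xxx..., ***...
    return bool(re.fullmatch(r'\$\{[^}]*\}|\$[a-z_]+|<[^>]*>|\{\{.*\}\}|x{3,}|\*{3,}', v))


def mask(secret):
    """Keep two characters at each end so the finding is verifiable without
    pasting the full password into the report."""
    if len(secret) <= 4:
        return "*" * len(secret)
    return secret[:2] + "*" * (len(secret) - 4) + secret[-2:]


def find_credential_leaks(body):
    """Return masked findings for every credential pattern in one body."""
    findings = []
    for kind, pattern in CREDENTIAL_PATTERNS.items():
        for m in pattern.finditer(body):
            secret = m.group(1)
            if is_placeholder(secret):
                continue  # not a live credential, do not report it
            line_no = body.count("\n", 0, m.start()) + 1
            findings.append({"kind": kind, "line": line_no, "masked": mask(secret)})
    return sorted(findings, key=lambda f: f["line"])


def triage(responses):
    """Map each reachable path (HTTP 200) to its credential findings;
    paths with nothing suspicious are left out."""
    report = {}
    for path, (status, body) in responses.items():
        if status != 200:
            continue
        findings = find_credential_leaks(body)
        if findings:
            report[path] = findings
    return report


# Constructed sample responses standing in for saved brute-force hits.
SAMPLE_RESPONSES = {
    "/.env": (200, "APP_ENV=production\nDB_HOST=db.internal\n"
                   "DB_PASSWORD=S3cr3tP@ss!\nMAIL_PASSWORD=${MAIL_PASSWORD}\n"),
    "/backup/config.json": (200, '{\n  "db": {"user": "app", "password": "hunter2"},\n'
                                 '  "redis": "redis://default:r3d1sP4ss@cache:6379/0"\n}\n'),
    "/config/db.xml": (200, "<db><user>sa</user><password>Winter2024!</password></db>\n"),
    "/docs/setup.txt": (200, "Set DB_PASSWORD=<password> before starting.\n"),
    "/admin/": (403, "Forbidden\n"),
}

if __name__ == "__main__":
    for path, findings in triage(SAMPLE_RESPONSES).items():
        for f in findings:
            print(f"{path}:{f['line']} [{f['kind']}] {f['masked']}")
```

The placeholder filter is what keeps the rating honest: a documentation page containing `DB_PASSWORD=<password>` is not a password disclosure, while a `.env` with a real value is. Findings are masked so the report proves the leak without copying the secret into yet another place.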




Impact

High



Likelihood

High

