
I found four vulnerabilities related to user management authority.

Open k3ppf0r opened this issue 8 months ago • 0 comments

Version

master branch

Vulnerability List

  1. 14Finger User Sensitive Information Leakage Vulnerability
  2. 14Finger User privilege escalation vulnerability
  3. 14Finger Arbitrary user deletion vulnerability
  4. 14Finger Arbitrary User Password Reset Vulnerability

Summary:

14Finger does not strictly verify the identity and permissions of the user performing the current operation, which allows the user to invoke functions beyond the scope of his/her management permissions and thus perform actions that the user should not be able to perform.

Repair suggestions:

  1. API authentication
  2. principle of least privilege

For more vulnerability details, please refer to the PDFs:

  1. 14Finger User Sensitive Information Leakage Vulnerability.pdf
  2. 14Finger User privilege escalation vulnerability.pdf
  3. 14Finger Arbitrary user deletion vulnerability.pdf
  4. 14Finger Arbitrary User Password Reset Vulnerability.pdf

k3ppf0r, Jun 04 '24 12:06
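The two repair suggestions in the issue above, sketched as a deny-by-default server-side check covering the four reported operations. This is an added example, not code from the issue or from the 14Finger project; the role names, field names, `Account`, `authorize` and `serialize` are hypothetical, since the project's real schema is not shown on the page.

```python
from dataclasses import dataclass

# Constructed role and field names (assumptions, not 14Finger's schema).
ADMIN, USER = "admin", "user"
SENSITIVE_FIELDS = {"password_hash", "api_token"}
ACTIONS = {"view", "update", "delete", "reset_password"}


@dataclass(frozen=True)
class Account:
    id: int
    role: str


def authorize(actor, action, target, changes=None):
    """Deny-by-default decision for one user-management request.

    `actor` must be the account bound to the authenticated session on the
    server (None when unauthenticated), never an id read from the request.
    """
    if actor is None or action not in ACTIONS:
        return False  # API authentication: no session or unknown action
    if actor.role == ADMIN:
        return True
    if action == "delete":
        return False  # least privilege: account deletion is admin-only
    if actor.id != target.id:
        return False  # no view/update/reset on another user's account
    if action == "update" and "role" in (changes or {}):
        return False  # a user cannot change their own role
    return True


def serialize(actor, target, record):
    """Return the fields of `record` the actor may see, or None if denied."""
    if not authorize(actor, "view", target):
        return None
    # Secrets never leave the server, whoever is asking.
    return {k: v for k, v in record.items() if k not in SENSITIVE_FIELDS}


if __name__ == "__main__":
    alice, bob = Account(2, USER), Account(3, USER)
    for action in sorted(ACTIONS):
        print(action, "on another user:", authorize(alice, action, bob))
```

Every user-management handler would call the check before touching the database and return 401 or 403 when it yields `False`.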