In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
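Because a GET request carries the value in the URL, it is written wherever URLs are recorded (web server and proxy logs), and base64 is an encoding with no key. The following audit script is an added example, not code from the product or from the assessments below: it scans access logs for password parameters in query strings and reports whether each value is recoverable by plain base64 decoding, without storing the decoded secret. The log format, paths and parameter names are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format). Paths and parameter
# names are hypothetical; the page does not give the product's real ones.
SAMPLE_LOG = """\
192.0.2.10 - - [09/Mar/2020:20:01:11 +0000] "GET /login?user=alice&pass=czNjcjN0UGFzcyE= HTTP/1.1" 200 512
192.0.2.11 - - [09/Mar/2020:20:01:15 +0000] "GET /courses?id=1042&page=2 HTTP/1.1" 200 2048
192.0.2.12 - - [09/Mar/2020:20:02:03 +0000] "GET /login?user=bob&password=aHVudGVyMg== HTTP/1.1" 302 0
"""

REQUEST_RE = re.compile(r'"GET (\S+) HTTP/[\d.]+"')
SENSITIVE_NAMES = {"pass", "password", "passwd", "pwd"}  # assumed names


def decodes_to_text(value: str) -> bool:
    """True if value is well-formed base64 whose bytes are printable ASCII."""
    value = value.replace(" ", "+")  # parse_qsl turns '+' into a space
    if len(value) < 8 or len(value) % 4:
        return False
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(raw) and all(0x20 <= b < 0x7F for b in raw)


def audit(log_text: str) -> list[dict]:
    """Return one finding per password-like query parameter seen in a GET."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in SENSITIVE_NAMES:
                # Record where the exposure is, never the decoded secret.
                findings.append({"line": lineno, "path": url.path,
                                 "param": name,
                                 "recoverable": decodes_to_text(value)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding with `recoverable` set to true means anyone with read access to that log can obtain the password; the remediation is to send credentials in a POST body over TLS and to rotate any password that has already been logged.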
Recent assessments:
horshark at March 09, 2020 8:13pm UTC reported:
Nothing deep, passwords are sent using Base64.
Ability to monitor networking traffic during user authentication.
Possibility to retrieve and decode users' passwords and gain access to their accounts.
rootOptional at March 09, 2020 8:02pm UTC reported:
Nothing deep, passwords are sent using Base64.
Ability to monitor networking traffic during user authentication.
Possibility to retrieve and decode users' passwords and gain access to their accounts.
SherlockSec at March 09, 2020 8:23pm UTC reported:
Nothing deep, passwords are sent using Base64.
Ability to monitor networking traffic during user authentication.
Possibility to retrieve and decode users' passwords and gain access to their accounts.
Assessed Attacker Value: 4
Assessed Attacker Value: 4
Assessed Attacker Value: 2