8x8: Access to ██████████████ due to weak credentials

2019-09-11T01:26:26
ID H1:692116
Type hackerone
Reporter kingragnar
Modified 2020-01-08T20:37:28

Description

Hi Team

Description: During the analysis, It was found that the █████████████████████ ask's for credentials from the users to access the ██████, But the weak credentials set █████:██████ allows anyone to login.

Steps To Reproduce:

  1. Open █████████████████████████
  2. Enter █████████ ███████ username and password field.
  3. You now have access to the analytical data.

POC

███

Remediation

Use strong set of password instead of common████generic ones like ████:██████

Impact

An attacker can bypass the authentication check and access the internal analytical data.

PS: apart from the analytical data, I wasn't able to find much.