Lucene search

K
huntrMichaellrowley1116ABD8-2D8D-446F-90F6-C2A7D7E655B1
HistoryJan 26, 2022 - 9:33 p.m.

in x360ce/x360ce

2022-01-2621:33:41
michaellrowley
www.huntr.dev
6
x360ce
vulnerability
.net
random
guid
sensitive data
bug bounty

Description

x360ce uses the .NET Random and Guid classes to generate random numbers/bytes that are used for sensitive purposes .

Proof of Concept

None provided.

Impact

This vulnerability is capable of allowing attackers to predict sensitive information on x360ce’s backend (see the β€˜occurances’ section for context.)