2 matches found
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the AWS Auth method. An attacker can gain unauthorized access by exploiting mishandling of cache entries when the configured boundprincipaliam role is identical across AWS...
HackerOne: Cache leads to Privacy leaks
POC IS ATTACHED Description: --------------------------- This bug allows me to see others users usernames even if they don't want to. Steps to reproduce: -------------------------------------- 1. Log in to account A 2. Change password of account A 3. You will be automatically logged out. 4. Log i...