CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...