Top Echelon Software: Clickjacking in main domain https://topechelon.com/
The target website was vulnerable to Clickjacking, a web-based attack that tricks users into interacting with a hidden or disguised iframe. The vulnerability could have been exploited to manipulate user actions, potentially leading to unauthorized activities...
Top Echelon Software: Public and secret api key leaked in JavaScript source
Summary: Summary of the vulnerabilities I am surfing on the bb3jobboard.topechelon.com website. I found sensitive data, including an authentication key, written in a publicly accessible JavaScript file. Vulnerable URL: https://bb3jobboard.topechelon.com/!/search?page=1 Steps To Reproduce: Open...
Top Echelon Software: Disable xmlrpc.php file
Summary: xmlrpc.php can be used for port scanning or brute-force attacks. It is better to hide this file. Steps To Reproduce: 1. Go to https://www.topechelon.com/xmlrpc.php 2. Send a POST request. POST /xmlrpc.php HTTP/1.1 Host: www.topechelon.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0...
Top Echelon Software: able to login into login.topechelon.com
The support login for our administrative account was using insecure credentials, allowing access to our administrative account. These credentials are not used, so we chose to deactivate the login to prevent access...