sindre
/
Beelance
關註 1
收藏 0
複製 0
程式碼 問題管理 6 合併請求 0 版本發佈 0 Wiki Activity
標籤 里程碑
建立問題

#9 Account enumeration

已關閉
sindre5 年之前建立 · 1 條評論
sindre 評論 5 年之前

An adversary can view all registered users when applying for aproject.

An adversary can view all registered users when applying for aproject.
sindre 新增至Required fixes 里程碑 5 年之前
sindre added the
sensitive data exposure
label 5 年之前
sindre added the
bug
label 5 年之前
sindre added the
webpy
label 5 年之前
sindre 評論 5 年之前
所有者

This can be done by allowing any username, and not indicating whether the user exists or not.

This can be done by allowing any username, and not indicating whether the user exists or not.
sindre5 年之前 關閉
登入 才能加入這對話。
No Branch/Tag Specified
分支列表 標籤列表
標籤
清除已選取標籤
broken access control
Broken access control vulnerability broken authentication
Broken authentication vulnerability bug
Something is not working csrf
Cross site request forgery vulnerability enhancement
New feature injection
Injection vulnerability insecure deserialization
Insecure deserialization vulnerability known vulnerability
Using components with known vulnerabilities logging
Insufficient logging vulnerability nginx
Concerns nginx security misconfiguration
Security misconfiguration vulnerability sensitive data exposure
Sensitive data exposure vulnerability webpy
Concerns the webpy framework
未選擇標籤
broken access control
broken authentication
bug
csrf
enhancement
injection
insecure deserialization
known vulnerability
logging
nginx
security misconfiguration
sensitive data exposure
webpy
里程碑
清除已選取里程碑
未選擇里程碑
Required fixes
Assignees
Clear assignees
No Assignees
1 參與者
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview
Loading…
取消
儲存
尚未有任何內容
Delete Branch '%!s(MISSING)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

取消操作
確認操作