Casbin Get Users Account Password Leak Vulnerability
Vulnerability Description
The Casbin get-users API interface has an account password leak vulnerability. An attacker can use it to obtain sensitive user information.
Vulnerability Impact
Casbin
Network surveying and mapping
title="Casdoor"
Vulnerability Reproduction
Login page
Verify POC
/api/get-users?p=123&pageSize=123
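To check whether this endpoint has already been queried on a deployment, the web access logs can be searched for it. The Python script below is an added example, not part of the original post or of the project's code; it assumes a reverse proxy writing Combined Log Format, and the `min_bytes` threshold and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/api/get-users"  # endpoint named in the advisory

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalise_path(target):
    """Drop the query string and canonicalise the path before comparing."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path).rstrip("/")
    return path.lower()

def find_get_users_hits(lines, min_bytes=1024):
    """Return one record per logged request to the get-users endpoint.

    min_bytes is a hypothetical threshold: a refused request is assumed to
    produce a short body and a returned user list a long one.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalise_path(m["target"]) != ENDPOINT:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "target": m["target"],
            "status": int(m["status"]),
            "bytes": size,
            "suspicious": m["status"] == "200" and size >= min_bytes,
        })
    return hits

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2023:09:14:02 +0000] "GET /api/get-users?p=123&pageSize=123 HTTP/1.1" 200 48211 "-" "curl/7.88"',
    '198.51.100.4 - - [10/Mar/2023:09:15:40 +0000] "GET /api/get-users/?p=1&pageSize=10 HTTP/1.1" 200 58 "-" "-"',
    '192.0.2.10 - - [10/Mar/2023:09:16:00 +0000] "GET /static/js/main.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_get_users_hits(SAMPLE_LOG):
        print(hit)
```

Records marked `suspicious` are the ones to correlate with authentication logs for the same client and time window.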
This post is licensed under CC BY 4.0 by the author.