Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3670955 by glferreira-devsecops
Asset: coinmate.io (Core REST API - https://coinmate.io/api)
Vulnerability Type: CWE-325 (Missing Required Cryptographic Step) / CWE-345 (Payload Malleability & Request Forgery)
Severity Category: High (CVSS v3.0: 8.1 - AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
Important Triage Note: To prevent false negatives during verification, please carefully read the "Attacker Execution Methodology" section before attempting manual reproduction. Manual re-use of cURL signatures will fail due to the Database's Nonce Replay Protection. We have provided an automated Python PoC to simulate the precise network conditions of the exploit.
HackerOne disclosed report --> https://hackerone.com/reports/3307874 by rorkh
HackerOne disclosed report --> https://hackerone.com/reports/3625600 by bereza4321
HackerOne disclosed report --> https://hackerone.com/reports/3697719 by xkilua