Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3625600 by bereza4321
Type: Architectural Security Issue
CWE: CWE-20 – Improper Input Validation
Severity: High
The /api-internal/login authentication endpoint of the Burp Suite DAST (Enterprise) internal login interface (test instance) processes user-supplied input before enforcing field-level validation, so extremely large payloads in the password field are buffered and parsed before they are rejected. The domain is intentionally omitted for confidentiality.
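A defensive ordering for the issue described above, as an added example that is not taken from the report or from the product's code: the declared body size is checked against a cap before any bytes are buffered or parsed, and the field-level limit runs only afterwards. The JSON body shape, both limits and all names here are assumptions.

```python
import io
import json

MAX_BODY_BYTES = 4096      # assumed cap for a whole login request body
MAX_PASSWORD_CHARS = 256   # assumed field-level limit

class Rejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

class CountingStream:
    """Constructed stand-in for a request body stream; records bytes consumed."""
    def __init__(self, data):
        self._buf = io.BytesIO(data)
        self.bytes_read = 0
    def read(self, n):
        chunk = self._buf.read(n)
        self.bytes_read += len(chunk)
        return chunk

def read_login_request(stream, content_length):
    # 1. Size gate first: nothing is read from the socket for oversized bodies.
    if content_length is None:
        raise Rejected(411, "Content-Length required")
    if content_length > MAX_BODY_BYTES:
        raise Rejected(413, "request body too large")
    # 2. Read only the declared (already bounded) number of bytes.
    body = stream.read(content_length)
    # 3. Parse the bounded buffer; decoding errors are ValueError subclasses.
    try:
        data = json.loads(body)
    except ValueError:
        raise Rejected(400, "malformed JSON")
    if not isinstance(data, dict):
        raise Rejected(400, "expected a JSON object")
    username, password = data.get("username"), data.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise Rejected(400, "missing or non-string credentials")
    # 4. Field-level validation on data that is already small.
    if len(password) > MAX_PASSWORD_CHARS:
        raise Rejected(422, "password too long")
    return username, password

def status_for(stream, content_length):
    """Return 200 for an accepted request, otherwise the rejection status."""
    try:
        read_login_request(stream, content_length)
        return 200
    except Rejected as exc:
        return exc.status
```

With the size gate in step 1, an oversized password never reaches the parser, so the field-level check in step 4 only ever sees input that fits within the body cap.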
HackerOne disclosed report --> https://hackerone.com/reports/3670955 by glferreira-devsecops
HackerOne disclosed report --> https://hackerone.com/reports/3307874 by rorkh
HackerOne disclosed report --> https://hackerone.com/reports/3697719 by xkilua