| No. | Vulnerability | Description |
|-----|---------------|-------------|
| 1 | User enumeration | A remote attacker can find valid users in web applications and use brute force to exploit this vulnerability to find the corresponding password. |
| 2 | User privilege escalation | The exploitation of this vulnerability allows the remote attacker to gain more privileges. |
| 3 | Broken access control | The exploitation of this vulnerability allows the remote attacker to gain more privileges. |
| 4 | The server does not require the old password when changing the password | It is too easy for a remote attacker to change the password. |
| 5 | Cleartext storage of sensitive information | The remote attacker can guess the token permissions. |
| 6 | Privilege escalation exists on hidden token | The remote attacker could gain root privileges and execute commands by accessing the hidden token API. |
| 7 | Remote code execution | The remote attacker can use this to inject strings and force the server to run additional commands. |