#35157 [W&A-Insight] Unauthorized Access to Shardeum Config Store using default credentials

Submitted on Sep 7th 2024 at 16:30:22 UTC by @sujan_shetty for

Report ID: #35157
Report Type: Websites and Applications
Report severity: Insight
Target: https://immunefi.com
Impacts:
- Unauthorized Access to Shardeum Config Store which leads to create,edit,delete configurations

Description

Vulnerability Details

I have found one endpoint http://internal.network.shardeum.org/login which use default credentials so that attacker can bypass auth and attacker can create,edit,delete Shardeum Config Store .

##Steps to reproduce

Navigate to http://internal.network.shardeum.org/login
use below credentials username as admin password ad password
you will get access to internal Dashboard there you create,edit,delete the configurations

Impact Details

attacker can bypass auth and attacker can create,edit,delete Shardeum Config Store .

Proof of Concept

screenshot is attached.

Previous#35824 [W&A-Medium] `/set-config` replay attack is possible in production mode after archiver restart Next#35709 [W&A-Critical] Potential DoS of archiver-server during network restoration via get_account_data_archiver call

Was this helpful?