#35157 [W&A-Insight] Unauthorized Access to Shardeum Config Store using default credentials
Submitted on Sep 7th 2024 at 16:30:22 UTC by @sujan_shetty for
Report ID: #35157
Report Type: Websites and Applications
Report severity: Insight
Target: https://immunefi.com
Impacts:
Unauthorized access to the Shardeum Config Store, which allows creating, editing and deleting configurations
I have found an endpoint, http://internal.network.shardeum.org/login, which uses default credentials, so an attacker can bypass authentication and create, edit and delete the Shardeum Config Store.
## Steps to reproduce
1. Navigate to http://internal.network.shardeum.org/login
2. Use the credentials below: username as admin, password as password
3. You will get access to the internal dashboard, where you can create, edit and delete the configurations
An attacker can bypass authentication and create, edit and delete the Shardeum Config Store.
Screenshot is attached.
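The root cause above is an admin dashboard shipped with unchanged default credentials. As an added example, not code from the report or from Shardeum, here is a defensive guard for such a dashboard: it refuses to set a default or short admin password, and audits an already-stored credential so a deployment that was never rotated fails closed before the login form is served. The default-pair list and all function names are constructed for this illustration.

```python
"""Startup guard for an admin dashboard (hypothetical, not Shardeum's code)."""
import hashlib
import hmac
import secrets

# Constructed list of widely shipped default username/password pairs.
DEFAULT_PAIRS = {("admin", "admin"), ("admin", "password"),
                 ("admin", "123456"), ("root", "root")}
MIN_LENGTH = 12
ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256; fresh random salt if none given."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def password_matches(password, salt, digest):
    """Constant-time comparison of a candidate password against a stored digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def set_admin_password(username, password):
    """Reject default pairs and short passwords at provisioning time."""
    if (username, password) in DEFAULT_PAIRS:
        raise ValueError("refusing a well-known default credential")
    if len(password) < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")
    return hash_password(password)


def audit_stored_admin(username, salt, digest):
    """Return findings for a stored credential; empty list means it passes.

    Catches the deployment-time failure: an installer or operator left the
    shipped default in place, so the stored hash still matches a default password.
    """
    findings = []
    for user, default_pw in sorted(DEFAULT_PAIRS):
        if user == username and password_matches(default_pw, salt, digest):
            findings.append(f"account '{username}' still uses a default password")
            break
    return findings


def dashboard_may_start(username, salt, digest):
    """Fail closed: do not serve the login form while the audit reports findings."""
    return audit_stored_admin(username, salt, digest) == []
```

`dashboard_may_start` is the hook a service would call before binding its listener; a deployment left on a default credential then never exposes a login form at all.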