03-25-2025, 07:00 PM
Medium
resolved
Non-Production API Endpoints for the Forecast Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Bug reported by Nick Frichette (Datadog) was disclosed on March 24, 2025, 8:40 pm | Insufficient Logging
The Forecast service in Amazon Web Services (AWS) has four non-production API endpoints that can be accessed using standard IAM credentials, but do not log any activity to CloudTrail. This allows for silent permission enumeration, where an adversary can test the capabilities of compromised credentials without leaving any trace in the CloudTrail logs.
Low
resolved
Twitter broken link hijacking in thewild.com
Bug reported by Yunxohang Limbu was disclosed on March 24, 2025, 6:11 pm
A broken link hijacking vulnerability was discovered on thewild.com. The issue was reported and subsequently fixed by Autodesk.