HackerOne disclosed reports - 2025-03-14 - hashXploiter - 03-15-2025
High
resolved
2FA Bypass leads to impersonation of legitimate users
Bug reported by dedo was disclosed at March 14, 2025, 3:30 pm | Improper Authentication - Generic
The authentication system had a logic flaw that allowed an attacker to impersonate a legitimate user who had not yet registered. By abusing the email change functionality and bypassing 2FA, the attacker could retain access to the account until the legitimate user reset their password.
Medium
resolved
Stored Cross-Site Scripting found in custom integration app on https://admin.b360.autodesk.com.
Bug reported by TheWhiteEvil was disclosed at March 14, 2025, 3:01 pm | Cross-site Scripting (XSS) - Stored
Stored Cross-Site Scripting was found in a custom integration app on https://admin.b360.autodesk.com. The vulnerability could have allowed an attacker to inject malicious JavaScript code that would run when viewed by users. The issue was fixed by Autodesk.