HackerOne Disclosed Reports - 2025-03-16


Low
resolved

Sensitive Information Disclosure via Back Button Post Logout on https://apps.nextcloud.com/account/


Bug reported by Try_the_hack was disclosed on March 16, 2025, 2:50 pm

A cache control vulnerability was identified on the https://apps.nextcloud.com/account/ page. After logging out, sensitive information such as the user's first name, last name, and email address remained accessible by using the browser's back button. This occurred due to improper caching of authenticated pages, allowing unauthorized access to sensitive user information.


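A sketch of the usual mitigation for this class of bug, added here as an example and not taken from the report or from Nextcloud's code: WSGI middleware that sends `Cache-Control: no-store` on every response to a request carrying a session cookie, so the browser keeps no copy to redisplay after logout. The cookie name `sessionid`, the stand-in `account_page` app and the helper names are assumptions.

```python
from wsgiref.util import setup_testing_defaults

SESSION_COOKIE = "sessionid"  # assumption: name of the session cookie

def has_session(environ):
    """True when the request carries the (assumed) session cookie."""
    cookies = environ.get("HTTP_COOKIE", "").split(";")
    return any(c.strip().startswith(SESSION_COOKIE + "=") for c in cookies)

class NoStoreForAuthenticated:
    """WSGI middleware: forbid storing responses sent to logged-in users."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        authenticated = has_session(environ)
        def patched(status, headers, exc_info=None):
            if authenticated:
                # Drop whatever caching policy the view set, then forbid storage.
                headers = [(k, v) for k, v in headers
                           if k.lower() not in ("cache-control", "expires", "pragma")]
                headers.append(("Cache-Control", "no-store, private"))
            return start_response(status, headers, exc_info)
        return self.app(environ, patched)

def account_page(environ, start_response):
    """Constructed stand-in for an account page that allows caching."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "max-age=600")])
    return [b"<p>first name, last name, email</p>"]

def response_headers(app, cookie=None):
    """Call a WSGI app for /account/ and return its headers (lower-cased names)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = "/account/"
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update({k.lower(): v for k, v in headers})
    b"".join(app(environ, start_response))
    return seen

def may_be_stored(headers):
    """True if the browser is allowed to keep a copy of the response."""
    return "no-store" not in headers.get("cache-control", "").lower()
```

`may_be_stored(response_headers(account_page, "sessionid=x"))` is true for the unwrapped page and false once it is wrapped in `NoStoreForAuthenticated`; anonymous responses keep their original caching policy.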
