#01 Unprotected sensitive page / Information disclosure
Summary: Unprotected sensitive pages can allow an attacker to view sensitive information such as Username, Email, Password, etc.
Steps to reproduce: There is only one step to reproduce this vulnerability: visit "/api/admin/users" (https://hack-yourself-first.com/api/admin/users).
Impact: This vulnerability allows an attacker to view all sensitive information of the users, which may lead to account compromise of all the users.
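Mitigation sketch (an added example, not the site's own code): the unauthenticated behaviour described above beside a deny-by-default check for everything under /api/admin/ plus an output allowlist. The handler names, the `session` dict shape and the user records are assumptions constructed for illustration.

```python
import json

# Constructed sample records; not data from the site in the report.
USERS = [
    {"id": 1, "username": "alice", "email": "alice@example.test",
     "password": "hunter2", "is_admin": True},
    {"id": 2, "username": "bob", "email": "bob@example.test",
     "password": "letmein", "is_admin": False},
]
PUBLIC_FIELDS = ("id", "username", "email")  # allowlist: credentials never leave the server
ADMIN_PREFIX = "/api/admin/"


def vulnerable_handler(path, session=None):
    """Behaviour described in the report: no session check, full records returned."""
    if path == "/api/admin/users":
        return 200, json.dumps(USERS)
    return 404, ""


def hardened_handler(path, session=None):
    """Deny by default for every route under /api/admin/, then filter the output."""
    if path.startswith(ADMIN_PREFIX):
        if session is None:
            return 401, ""  # caller is not signed in
        if not session.get("is_admin"):
            return 403, ""  # signed in, but not an administrator
    if path == "/api/admin/users":
        # Serialize only allowlisted fields, so a new sensitive column
        # added later is not exposed by accident.
        safe = [{k: u[k] for k in PUBLIC_FIELDS} for u in USERS]
        return 200, json.dumps(safe)
    return 404, ""
```

The prefix check runs before route matching, so an admin route added later is protected without its own check.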