FirstBlood-#110Information Leak leads to full backend access

On 2021-05-10, jonlaing reported:

After running a google search on I came across the Reddit page which has post by someone revealing their Invitation Code.

From there we can register by entering our name and the invite code and it gives us an account.

P2 High



FirstBlood ID: 15
Vulnerability Type: Auth issues

A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.

Respect Earnt: 1500000
RESPECT ($RSP) is an experimental cryptocurrency based on the Ethereum blockchain with the mission to show respect to those who deserve it. We are testing it out on our FirstBlood hackevent.