FirstBlood-#110 — Information Leak leads to full backend access
This issue was discovered on FirstBlood v1.0.0
On 2021-05-10, jonlaing Level 2 reported:
After running a Google search on firstbloodhackers.com, I came across the Reddit page which has a post by someone revealing their Invitation Code.
From there we can register by entering our name and the invite code and it gives us an account.
FirstBlood ID: 15
Vulnerability Type: Auth issues
A doctor's invite code is leaked on the internet which, if used, grants anyone access to the doctor portal. The invite code should expire after use.