FirstBlood-#110 — Information Leak leads to full backend access
This report has been reviewed and accepted as a valid vulnerability on FirstBlood!
On 2021-05-10, jonlaing reported:
After running a google search on firstbloodhackers.com I came across the Reddit page which has post by someone revealing their Invitation Code.
From there we can register by entering our name and the invite code and it gives us an account.
This report has been publicly disclosed for everyone to view
FirstBlood ID: 15
Vulnerability Type: Auth issues
A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.
Respect Earnt: 1500000
is an experimental cryptocurrency based on the Ethereum blockchain with the mission to show respect to those who deserve it. We are testing it out on our FirstBlood hackevent.