FirstBlood-#140 — Invitation code leaked on reddit
This issue was discovered on FirstBlood v1
On 2021-05-10, codersanjay Level 3 reported:
Invitation code of a doctor was leaked on reddit with which I was able to register a doc myself.
Create doctor account and impersonate.
FirstBlood ID: 15
Vulnerability Type: Auth issues
A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.