Strapi 3.6.8 Password Disclosure / Insecure Handling

Posted by deepcore on May 3, 2022 – 4:21 am

Strapi versions prior to 3.6.9 and 4.1.5 disclose a user’s password because they simply base64 encode it and stick it in a cookie.
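A regression check for this class of bug, added here as an example and not taken from the original post or from Strapi: given the `Set-Cookie` header values an application returns after a test account logs in, it reports any cookie whose raw or base64-decoded value contains that account's password. The cookie name `demo_auth`, the JSON layout and the function names are assumptions for illustration; the post does not name the affected cookie.

```python
import base64
import binascii
from http.cookies import SimpleCookie
from urllib.parse import unquote


def _b64_candidates(value):
    """Yield bytes from base64-decoding the value or its dot-separated parts."""
    for part in {value, *value.split(".")}:
        part = part.strip()
        if len(part) < 4:
            continue
        padded = part + "=" * (-len(part) % 4)  # restore stripped padding
        for decoder in (base64.b64decode, base64.urlsafe_b64decode):
            try:
                yield decoder(padded)
            except (binascii.Error, ValueError):
                continue


def cookies_leaking_secret(set_cookie_headers, secret):
    """Return names of cookies whose raw or decoded value contains secret."""
    needle = secret.encode()
    leaking = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            value = unquote(morsel.value)  # undo percent-encoding first
            blobs = [value.encode(), *_b64_candidates(value)]
            if any(needle in blob for blob in blobs):
                leaking.append(name)
    return leaking


def constructed_headers(password):
    """Constructed sample: one cookie repeats the flaw, one is an opaque id."""
    body = '{"user":"qa@example.test","password":"%s"}' % password
    encoded = base64.b64encode(body.encode()).decode()
    return [
        "demo_auth=%s; Path=/" % encoded,   # hypothetical cookie name
        "sid=3f9c1a7e; Path=/; HttpOnly",   # constructed opaque value
    ]


if __name__ == "__main__":
    pw = "Test-Passw0rd!"  # constructed test-account password
    print(cookies_leaking_secret(constructed_headers(pw), pw))
```

Run it in an integration test against a throwaway account, and fail the build if the returned list is non-empty.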

