This report describes a security vulnerability in totaljsv5013 where users can change their password without the current one being verified. Exploiting this flaw could allow unauthorized password changes, compromising system security.
Key points
- The vulnerability permits password changes without requiring the current password.
- It affects the totaljsv5013 application tested on Debian 12.
- The exploit involves sending a POST request to /admin/ with new credentials.
- An attacker can update user credentials without proper authentication checks.
- The flaw could lead to unauthorized access if exploited maliciously.
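One way to enforce the check the report says is missing, shown as an added example that is not code from the application or from the report. The function names, the `currentPassword` and `newPassword` field names, the session object and the 12-character minimum are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hash a password with scrypt and a fresh random salt.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Constant-time comparison of a candidate password with the stored hash.
function verifyPassword(candidate, record) {
  if (typeof candidate !== 'string' || candidate.length === 0) return false;
  const hash = crypto.scryptSync(candidate, record.salt, 32);
  return crypto.timingSafeEqual(hash, record.hash);
}

// Hypothetical logic behind a credential-update POST handler.
// session: authenticated session or null; body: parsed POST fields.
function updateCredentials(session, account, body) {
  const fields = body || {};
  // The request must belong to an authenticated session for this account.
  if (!session || session.login !== account.login) {
    return { ok: false, status: 401, error: 'not authenticated' };
  }
  // A valid session alone is not enough: the caller must also prove
  // knowledge of the current password before it is replaced.
  if (!verifyPassword(fields.currentPassword, account)) {
    return { ok: false, status: 403, error: 'current password incorrect' };
  }
  if (typeof fields.newPassword !== 'string' || fields.newPassword.length < 12) {
    return { ok: false, status: 400, error: 'new password too short' };
  }
  const updated = { login: account.login, ...hashPassword(fields.newPassword) };
  return { ok: true, status: 200, account: updated };
}

// Constructed sample account, not taken from the application.
const stored = { login: 'admin', ...hashPassword('old-Passphrase-2024') };
```

A request that carries only new credentials is rejected with 401 or 403 here, so the stored hash changes only when both the session and the current password check out.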