Summary
The API endpoint http://<Server-ip>/v1/users/name allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns.
Details
ZimaOS API reveals usernames to unauthenticated users, enabling attackers to gather valid usernames for further exploitation. No authentication or authorization token is required to access this data.
PoC
Send a GET request to the endpoint:
GET http://<Server-ip>/v1/users/name
Example response:
{
"username": "johndoe"
}
YouTube Video PoC
Unlisted YouTube PoC Link
Impact
- User Enumeration: Attackers can gather usernames, which can then be used for password brute-forcing or targeted phishing attacks.
- Further Exploitation: This issue can lead to other vulnerabilities being more easily exploited, especially if username-based access controls exist elsewhere in the application.
Recommendation
- Access Controls: Implement proper access controls, requiring authentication and authorization to access user-specific endpoints.
- Role-Based Access: Enforce role-based access checks to ensure only authorized users can access sensitive data like usernames.
DrDark1999 Reporter
Summary
The API endpoint
http://<Server-ip>/v1/users/nameallows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns.Details
ZimaOS API reveals usernames to unauthenticated users, enabling attackers to gather valid usernames for further exploitation. No authentication or authorization token is required to access this data.
PoC
Send a GET request to the endpoint:
GET http://<Server-ip>/v1/users/nameExample response:
YouTube Video PoC
Unlisted YouTube PoC Link
Impact
Recommendation