Minting admin API keys with an unauth POST request is a wild bug to have

Navigazione
- Categorie
- Recenti
- Mondo
- Ultime miste
- Tag
- Popolare
- Utenti
- Gruppi
- Preferiti
Account
- Registrati
- Accedi

Navigazione
- Categorie
- Recenti
- Mondo
- Ultime miste
- Tag
- Popolare
- Utenti
- Gruppi
- Preferiti
Account
- Registrati
- Accedi

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Minting admin API keys with an unauth POST request is a wild bug to have

Pianificato Fissato Bloccato Spostato
Senza categoria

1 1 0

C
128

0

C

campuscodi@mastodon.social

Minting admin API keys with an unauth POST request is a wild bug to have

Critical Account Takeover via Unauthenticated API Key Creation in better-auth (CVE-2025-61928) - ZeroPath Blog

ZeroPath uncovered an unauthenticated API key creation flaw in better-auth's API keys plugin that enables attackers to mint privileged credentials for arbitrary users; this post details the bypass, exploitation path, and how we found it.

(zeropath.com)
0
C cybersecurity@poliverso.org ha condiviso questa discussione