Unsecure Caching Mechanism May Expose Users' Credit Card Details
State Resolved (Closed)
Disclosed publicly 2019-01-11T08:01:38.834Z
Reported To
Weakness Insufficiently Protected Credentials
Bounty $300


Timeline
submitted a report to Chaturbate.
2018-09-20T03:40:32.041Z

Hello there!

I have found an endpoint on the website which needs the credit card of a user, and the website is allowing caching of that particular page, which means the credit card details are also cached in the browser, which is totally insecure.

Vulnerable URL:
https://billingsupport.chaturbate.com/customer_support/information_form/

Impact

The caches are stored in clear text on the local hard disk of a user, which is not secure in any way.

Steps To Reproduce:

Please check my POC video.

Impact

https://billingsupport.chaturbate.com/customer_support/information_form/ This endpoint is allowing the credit card details to be stored in clear text in the browser caches.

Regards,
Frans

  • 0 attachments:
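
The following is an added example, not part of the report and not Chaturbate's code or fix: a header audit that decides whether a browser is permitted to write a response to its cache, which is the condition the report describes. The function names and the sample header sets are constructed for illustration; only `no-store` is treated as forbidding storage, per the HTTP caching rules.

```python
import re

# directive = token [ "=" ( token / quoted-string ) ]. The quoted form is tried
# first, so commas and directive-like words inside quotes stay in the argument.
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)(?:\s*=\s*("[^"]*"|[^,\s]+))?')

def parse_cache_control(values):
    """Merge all Cache-Control header lines into {directive: argument or None}."""
    directives = {}
    for value in values:
        for m in _DIRECTIVE.finditer(value):
            arg = m.group(2)
            directives[m.group(1).lower()] = arg.strip('"') if arg else None
    return directives

def browser_may_store(headers):
    """headers: list of (name, value) pairs. Returns (may_store, reason).

    Pragma is not consulted: it does not forbid storing a response.
    """
    cc = parse_cache_control(v for n, v in headers if n.lower() == "cache-control")
    if "no-store" in cc:
        return False, "no-store: caches must not keep any part of the response"
    if not cc:
        return True, "no Cache-Control header: storage is left to the browser"
    return True, "only " + ", ".join(sorted(cc)) + ": limits reuse or sharing, not storage"

# Constructed sample responses for a page that renders payment details.
SAMPLES = {
    "private-only":    [("Cache-Control", "private, max-age=0")],
    "no-cache+pragma": [("Cache-Control", "no-cache"), ("Pragma", "no-cache")],
    "split-lines":     [("cache-control", "no-cache"), ("Cache-Control", "No-Store")],
    # A substring search for "no-store" would wrongly accept this one.
    "quoted-decoy":    [("Cache-Control", 'private="x-hint, no-store"')],
    "no-headers":      [("Content-Type", "text/html")],
}

def audit(samples):
    """Map each sample name to True when the browser may store the response."""
    return {name: browser_may_store(h)[0] for name, h in samples.items()}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:16} {browser_may_store(hdrs)}")
```
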
imran1121 Activities::Comment
2018-09-20T03:42:10.798Z
Working POC:


williammmllc Activities::BugTriaged
2018-09-20T21:13:29.319Z
Thanks for the report, you are right this shouldn't be shown after submission, we'll get this fixed.


Activities::BountyAwarded
2018-09-20T21:13:39.397Z


williammmllc Activities::BugResolved
2018-09-20T22:21:37.577Z
Thanks again for the report, this is now fixed.


imran1121 Activities::AgreedOnGoingPublic
2019-01-11T07:51:16.964Z


williammmllc Activities::AgreedOnGoingPublic
2019-01-11T08:01:38.792Z


williammmllc Activities::ReportBecamePublic
2019-01-11T08:01:38.855Z