Home / exploitsPDF  

Strapi 3.6.8 Password Disclosure / Insecure Handling

Posted on 02 May 2022

Strap versions prior to 3.6.9 and 4.1.5 disclose a user's password due to simply base64 encoding it and sticking it in a cookie.

 

TOP