CVE-2017-11681

Published July 27th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.

hashtopolis/server

Hashtopolis - distributed password cracking with Hashcat

GitHub

1.76K