Revealing the Flaw: Inconsistent Session Management Plagues Popular Application
In January 2023, a critical vulnerability surfaced in the respected application SDK, specifically impacting its user setup functionalities. The exploit centered on inconsistent session management, allowing unauthorized users to change the first and last names of other users if they managed to guess their User IDs, exposing sensitive account information in the process. The vulnerability,…