Jason Parker (he/they) on Nostr: Another day, another #cybersecurity #vulnerability #disclosure: Thomson Reuters ...
Another day, another #cybersecurity #vulnerability #disclosure: Thomson Reuters C-Track #court eFiling.
An insufficient permission check vulnerability in the C-Track eFiling system allowed users to assign themselves privileged roles, such as "Clerk," during the registration process. By manipulating form data, attackers could gain unauthorized access to administrative functionalities and sensitive court data.
https://govtech.cc/README-2024-09-26-thomson-reuters-ctrack.md
(For those counting, this marks the thirteenth vulnerable court platform.)
#infosec
An insufficient permission check vulnerability in the C-Track eFiling system allowed users to assign themselves privileged roles, such as "Clerk," during the registration process. By manipulating form data, attackers could gain unauthorized access to administrative functionalities and sensitive court data.
https://govtech.cc/README-2024-09-26-thomson-reuters-ctrack.md
(For those counting, this marks the thirteenth vulnerable court platform.)
#infosec