Weakness: Sensitive Information Disclosure
Severity: Medium-High - CWE-200
Target: https://github.com/FUSIONFoundation/myfusionwallet
Summary:
After some research, I found a leak that leads to accessing sensitive data of an API key. Such keys are vulnerable and have been misused before by attackers.
POC:
Sensitive Information Leakage:
https://github.com/FUSIONFoundation/myfusionwallet/blob/aaa11e329e9a81fb47b9a400aa7f32178f16bee0/app/scripts/nodeHelpers/etherscan.js#L113
Impact:
High potential of unauthorized access to PII data and misuse/attack.
Looking forward to hearing from you soon on this.
Regards,
Phoenix