Broken Authentication: Unauthorized Access to Transaction Records and Fraudulent Trading in Mitake Smart Stock Selection System

CVE-2021-28174 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

The Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating parameters in the URL, remote attackers can gain privileged permissions to access transaction records and conduct fraudulent trading without logging in.
