Bypassing Client-side JavaScript Controls to Gain Unauthorized Access and Modify User Credentials and Permissions

Bypassing Client-side JavaScript Controls to Gain Unauthorized Access and Modify User Credentials and Permissions

CVE-2022-2105 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.

Learn more about our Web App Pen Testing.