Article

Arxes Tolina User Disclosure via Application Function

A username disclosure vulnerability via the arxes-tolina web application allows authenticated users to see other users’ login usernames. By sending a HTTP Get Request to the API object the application discloses the usernames of those users that took part in the execution of this contract.