😂Vulnerability #2: Hardcoded Credentials

Navigating to the util.Util class, we can see that verifyUserNamePassword calls getUserCreds and compares the values that it returns with the values that we provide.

The vulnerability here is that credentials are hardcoded into the getUserCreds method, thus giving us a valid account that we can use to login into the app.

username: shopuser password: !ns3csh0p

PreviousVulnerability #1: Insecure Logging NextVulnerability #3: Insecure Data Storage

Last updated 2 years ago