CoinTR Pro Disclosed Report

Bug bounty report CoinTR Pro Mobile & API

GoCD Encryption Key exposed on cointr.com

Company
Created date
Apr 30 2024

Target

www.cointr.com

Vulnerability Details

The GoCD encryption key is a sensitive piece of information used to encrypt and decrypt secret variables within your GoCD configuration. Knowing this key allows someone to decrypt any confidential information stored in GoCD, like passwords or API keys.

Here's some key information about the GoCD encryption key:

Here are some resources for further reading:

Validation steps

POC

Go to: https://ops-header-ws.cointr.com/go/add-on/business-continuity/api/cipher.aes
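For the defending side, the following added example (not part of the original report) scans a web access log for requests where the key endpoint from the POC was actually served. It assumes an NCSA combined-format log from a reverse proxy in front of GoCD; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Path taken from the report's POC; everything else here is an assumption.
KEY_PATH = "/go/add-on/business-continuity/api/cipher.aes"

# NCSA combined log format (assumed reverse-proxy access log).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Percent-decode, drop the query string, collapse repeated slashes."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/{2,}", "/", path)

def find_key_disclosures(lines):
    """Return log records where the cipher key endpoint answered with 2xx."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        if normalize(m["target"]) != KEY_PATH:
            continue
        if not m["status"].startswith("2"):
            continue  # 401/403/404 means the key was not served
        hits.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "authenticated": m["user"] != "-",
        })
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Apr/2024:19:00:13 +0000] "GET /go/add-on/business-continuity/api/cipher.aes HTTP/1.1" 200 32 "-" "curl/8.4.0"',
    '198.51.100.7 - - [30/Apr/2024:19:02:41 +0000] "GET /go//add-on/business-continuity/api/cipher%2Eaes?x=1 HTTP/1.1" 200 32 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [30/Apr/2024:19:05:00 +0000] "GET /go/add-on/business-continuity/api/cipher.aes HTTP/1.1" 403 0 "-" "curl/8.4.0"',
    '203.0.113.5 - alice [30/Apr/2024:19:06:00 +0000] "GET /go/pipelines HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_key_disclosures(SAMPLE_LOG):
        print(hit)
```

Any hit means the key, and every secret encrypted under it, should be treated as disclosed.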

Attachments

Screenshot_2024-04-30_at_7.00.13_PM.png
Details
State
disclosed
Severity
Medium
Bounty
hidden
Visibility
partially
Vulnerability
Insecure Data Transport
Participants (2)
company admin