November 16, 2023

Disclosure: Financial Application

Our team occasionally scans APIs for various customer and research purposes, or in connection with a specific request. As we do this, we sometimes find vulnerabilities from third-party organizations. This article is part of an ongoing series of posts following some API vulnerabilities FireTail researchers have uncovered in the process…

Viktor Markopoulous discovered that an API belonging to a financial application was leaking its Github repository, which contains the API's source code. The repository is leaking not only the APIs source code but also the JWT key and their database credentials.

Therefore, unauthorized users could gain access to sensitive information via the API using the data leaked via Github.

To date, the vulnerability has not been fixed.

Lina Romero

Viktor Markopoulos

Security Researcher

Browse all posts

October 22, 2024

FireTail Joins Wiz Integration (WIN) Platform

Technology Partnership Enables Mutual Customers to Reduce Cloud Risk and Enhance API Security



October 16, 2024

Disclosure: Multiple Vulnerabilities in Granicus eFiling Platform

Granicus, a platform offering government solutions including an efiling platform called eUniversa, was recently discovered to be vulnerable to outside attack.



October 16, 2024

Star Health Data Leak: The Call is Coming from Inside the House

Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.

