Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover the original hash values and access the protected data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NSecurly
APPSecurly3.0.7
Related vulnerabilities
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filter...
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js....
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via c...
Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iterati...
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided pat...