La nuova immagine di TIM
Una nuova immagine con uno stile dinamico, colori moderni e persone che occupano quasi interamente la scena. Scopri di più
Presentazione dei Risultati H1 2025
Vai alla pagina
La Sostenibilità per TIM
Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci
Ultimi Comunicati Stampa
Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati
Vulnerability Description: Use of GET Request Method With Sensitive Query Strings - CWE-598
Software Version: 1.6.4
NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-31842
CVSS: 8.8
Severity: High
Credits: Luca Carbone, Fabio Romano, Federico Draghelli, Massimiliano Brolli
The web application inserts the access token of an authenticated user inside GET requests.
Step-by-step instructions and PoC
The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Since the access token in sent in GET requests, this vulnerability could lead to complete account takeover.
Below are the evidences with the vulnerability details and the payloads used.
In the following screenshot there is an example of a GET request that contains the access token in the query string. This vulnerability is applicable to almost every functionality of the web application.
Figure 2 - The access token is in the URL of the GET request
Security Impact
An attacker that is able to read the token could access the web application as another user.