PozitifIK Pik Online Authorization Bypass Vulnerability Allowing Account Footprinting and Session Hijacking

Vulnerability

A vulnerability in PozitifIK Pik Online, present through March 5, 2025, allows for authorization bypass via user-controlled keys, leading to exposure of private personal information, account footprinting, and session hijacking.

Impact

Exploitation of this vulnerability could result in unauthorized access to user accounts, allowing attackers to hijack sessions and potentially misuse personal information.

Remediation

The vendor has not yet addressed this vulnerability. The National Cyber Incident Response Center (USOM) recommends using alternative software.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.