Scratch-Coding-Hut Website Authentication Vulnerability Allowing Account Takeover

Vulnerability

An authentication vulnerability has been identified on the Scratch-Coding-Hut.github.io website, which is associated with Coding Hut. The issue arises from a sign-in form that requests Scratch usernames and passwords. This implementation creates a scenario where any user can potentially access another user's account. As of now, no fix has been released, but development of a patch is in progress. In the meantime, users are advised to refrain from signing in.

Impact

Exploitation of this vulnerability allows for unauthorized access to user accounts, enabling an attacker to impersonate the user and potentially access sensitive information or perform actions on their behalf.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.