Primakon Pi Portal Unauthorized Data Exposure Vulnerability in User Management API

Vulnerability

A vulnerability in the Primakon Pi Portal version 1.0.18 has been identified in the /api/v2/users endpoint. This vulnerability allows for unauthorized data exposure due to inadequate access control. Any authenticated user, regardless of privilege level, can send a GET request to this endpoint and access a complete list of all registered users within the application. Alarmingly, the API response includes password hashes, posing a significant security risk.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive user data, including password hashes, which could be used for further attacks such as password cracking or unauthorized account access.
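
The flaw class described above, next to a corrected handler and a response check that can run as a regression test. This is an added illustration, not Primakon's code and not part of the advisory; the User model, role names, field names and sample records are constructed assumptions.

```python
from dataclasses import dataclass, asdict

# Hypothetical user model; field and role names are assumptions.
@dataclass
class User:
    id: int
    username: str
    email: str
    role: str
    password_hash: str

# Constructed sample records (placeholder hash strings, not real hashes).
USERS = [
    User(1, "admin", "admin@example.test", "admin", "$2b$12$constructed-placeholder-a"),
    User(2, "alice", "alice@example.test", "user", "$2b$12$constructed-placeholder-b"),
]
PUBLIC_FIELDS = ("id", "username", "email", "role")  # allow-list for responses
SECRET_MARKERS = ("password", "hash", "secret", "token")

def list_users_flawed(caller):
    """Behaviour the advisory describes: authentication only, full records."""
    if caller is None:
        return 401, {"error": "authentication required"}
    return 200, [asdict(u) for u in USERS]

def list_users_hardened(caller):
    """Authorization check plus field allow-listing in the serializer."""
    if caller is None:
        return 401, {"error": "authentication required"}
    if caller.role != "admin":
        return 403, {"error": "admin role required"}
    return 200, [{f: getattr(u, f) for f in PUBLIC_FIELDS} for u in USERS]

def leaked_keys(body):
    """Recursively collect response keys that look like credential material."""
    if isinstance(body, dict):
        found = [k for k in body if any(m in k.lower() for m in SECRET_MARKERS)]
        return found + [k for v in body.values() for k in leaked_keys(v)]
    if isinstance(body, list):
        return [k for item in body for k in leaked_keys(item)]
    return []

if __name__ == "__main__":
    admin, alice = USERS
    for handler in (list_users_flawed, list_users_hardened):
        for caller in (None, alice, admin):
            status, body = handler(caller)
            who = caller.username if caller else "anonymous"
            print(handler.__name__, who, status, sorted(set(leaked_keys(body))))
```

The allow-list in the serializer matters independently of the role check: even an administrator's listing should not carry password hashes.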

Added: Nov 25, 2025, 5:17 PM
Updated: Nov 25, 2025, 10:52 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.