Exrick xboot Cleartext Storage of Sensitive Information Vulnerability

A vulnerability exists in Exrick xboot versions through 3.3.4, where sensitive user information is stored in cookies in cleartext. This issue is present in an unknown function of the file '/xboot/permission/getMenuList'. The vulnerability can be exploited remotely, although the complexity of the attack is considered high. The stored information includes user ID, username, nickname, mobile number, email address, physical address, gender, avatar URL, and date of birth. If these cookies are intercepted, attackers could use the information for more advanced attacks, such as brute force, social engineering, or phishing.

Impact

Exploitation of this vulnerability leads to the cleartext storage of sensitive user information in cookies, which could be intercepted and misused.

Reproduction

To reproduce this vulnerability, send a GET request to '/xboot/permission/getMenuList' with the 'userInfo' cookie containing encoded sensitive information. This can be decoded to reveal details such as username, email, mobile number, and other personal information.