HC's Capture the Flag website
CTF Contests
25C3-CTF
25C3-CTF final results
Advisory #9
From team h4ck!nb3rg
New advisory by : fid
Affected service(s): VDspi
Severity [lmh] : high
===== Problem =====
Flags a saved as comment in a record and can read out without authentification by everyone
===== Impact =====
===== Fix =====
restrict the access with username and password
Rating
[0] absence of user/pass authentication is by design