Hi all, just wanted to share a new story I’ve added to my blog “AppSec Untangled”. This is the 5th episode of a series called “Lessons Learned”, which discusses real-world vulnerabilities from the eyes of an application security engineer, focusing on the underlying root causes of the vulnerability and the measures we can take to avoid similar issues in our applications.
This episode discusses a write-up by the security researchers Sam Curry and Shubham Shah showing an authentication bypass vulnerability affecting an Admin portal used by internal Subaru employees for various administrative tasks related to the Subaru connected vehicle service.
Hope you find it useful.