API security
-
[Vulnerability Warning] Unauthorized vulnerability in the API interface of the private version of Enterprise WeChat
Recently, a backend API execution permission vulnerability in the historical version of enterprise WeChat privatization was discovered. An attacker can obtain address book information and application permissions by sending specific messages. Through the API with vulnerability risk, https://cncso.com/cgi- The bin/gateway/agentinfo interface can directly obtain sensitive information such as corporate WeChat secrets without authorization, which can lead to the acquisition of all corporate WeChat data, file acquisition, and the use of corporate WeChat light applications to send phishing files and links within the enterprise.