{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Cybersecurity Tech Brief By HackerNoon","title":"One Empty Header to Admin: How an Auth Bypass Breaks OpenBullet2","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/e24042d3\"></iframe>","width":"100%","height":180,"duration":517,"description":"\n        This story was originally published on HackerNoon at: https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2.\n             Five vulnerabilities in OpenBullet2: an empty API key, path traversal, RCE, and an NTLM hash leak. \n            Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity.\n            You can also check exclusive content about #ethical-hacking, #rce, #exploit, #openbullet2, #what-is-openbullet2, #openbullet2-explained, #vulnerabilities, #cybersecurity-awareness,  and more.\n            \n            \n            This story was written by: @vognik. Learn more about this writer by checking @vognik's about page,\n            and for more stories, please visit hackernoon.com.\n            \n                \n                \n                This article walks through 5 CVEs: an empty X-Api-Key header that bypasses authentication by default, arbitrary C# and script-file execution, a wordlist path traversal granting arbitrary file read/write/delete as root, and an NTLMv2 hash leak on Windows.\n        \n        ","thumbnail_url":"https://img.transistorcdn.com/SySK4I0jwuU6AzeawZdYiDqTq8yzBjxJ5qfTpUuAxEo/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9zaG93/LzQxMjY2LzE2ODM1/ODIzNTYtYXJ0d29y/ay5qcGc.webp","thumbnail_width":300,"thumbnail_height":300}