David Cooke

3 exploits Active since Oct 2020
CVE-2021-21329 WRITEUP HIGH WRITEUP
RATCF < 2021-02-26 - Improper Authentication via Multi-Factor Authentication Bypass
RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b.
CVSS 8.7
CVE-2020-15235 WRITEUP MEDIUM WRITEUP
ractf/core < 41edf92 - Unauthenticated Exposure of Sensitive Configuration Keys
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.
CVSS 5.9
CVE-2021-21329 WRITEUP HIGH WRITEUP
RATCF < 2021-02-26 - Improper Authentication via Multi-Factor Authentication Bypass
RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b.
CVSS 8.7