Product
medium
advisory
AzuraCast Account Takeover via X-Forwarded-Host Poisoning
2 rules 3 TTPs 2 IOCsAzuraCast is vulnerable to password reset poisoning due to unconditionally trusting the X-Forwarded-Host header, allowing an attacker to inject a malicious host into the password reset URL, exfiltrate the reset token, reset the victim's password, and disable 2FA, leading to account takeover.
azuracast +2
account takeover
x-forwarded-host
password reset poisoning
2r
3t
2i
medium
advisory
AzuraCast Account Takeover via X-Forwarded-Host Poisoning
2 rules 3 TTPs 2 IOCsAzuraCast is vulnerable to password reset poisoning due to unconditionally trusting the X-Forwarded-Host header, allowing an attacker to inject a malicious host into the password reset URL, exfiltrate the reset token, reset the victim's password, and disable 2FA, leading to account takeover.
azuracast +2
account takeover
x-forwarded-host
password reset poisoning
2r
3t
2i