all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023–24044:Host Header Injection on the Login page of Plesk Obsidian

Add to bookmarks
April 10, 2023, 10:20 a.m. | ASWIN K V

System Weakness - Medium systemweakness.com

Host header injection issue on the login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites.

screenshot by Author

During testing, it was determined that the Plesk Obsidian Login page is vulnerable to Host Header Injection attacks.

An attacker can utilise the Host request header to reroute customers to a malicious website rather than the official Plesk login page.

This vulnerability may be used to steal user credentials or to infect the victim’s machine with …

bug bounty cve cybersecurity hacking header host injection login obsidian programming web3

Visit resource

More from systemweakness.com / System Weakness - Medium

IDOR Attacks Demystified: How They Work and How to Prevent Them 16 hours ago | systemweakness.com
attacks business compromise confidentiality +13
How does Single Sign-on (SSO) interact with Active Directory (AD) and Outlook? 16 hours ago | systemweakness.com
access active directory applications authentication +15
OSI Model & TCP/IP Comparison 16 hours ago | systemweakness.com
access communication deals frameworks +14
First AD home lab 1 day, 13 hours ago | systemweakness.com
access active directory building can +17
3 Steps to protect yourself from Prompt Injection 1 day, 13 hours ago | systemweakness.com
prompt-engineering prompt injection security
Clocky | TryHackMe Write-up 2 days, 11 hours ago | systemweakness.com
ctf ctf-writeup tryhackme tryhackme-walkthrough +1
Bypassing Aquatone’s lack of ability to take screenshots of private websites 2 days, 11 hours ago | systemweakness.com
automation cybersecurity hacking pentesting +1
Tuesday Morning Threat Report: Apr 30, 2024 2 days, 11 hours ago | systemweakness.com
analysis artificial intelligence bad customers +21
Staying Anonymous — Ethical Hacking as a Beginner [09] 2 days, 11 hours ago | systemweakness.com
anonymous beginner communication cybersecurity +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164
View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057
View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States
View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172
View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote
View on infosec-jobs.com
View more jobs