writeups.xyz / How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

Submitter : c2a

Date: 19 August 2024

Bounty : undisclosed

Vulnerabilities :

• Missing Authentication
• Information Disclosure
• Broken Authorization
• Account Takeover

Programs :

• Honeywell

Authors :

• Eaton Z. (@XeEaton)

Link :
https://www.traceable.ai/blog-post/how-1-exposed-honeywell-api-gave-us-control-over-an-internal-engineering-system