module
Twonky Server Log Leak Authentication Bypass
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
This module leverages an authentication bypass in Twonky Server 8.5.2. By exploiting
an authorization flaw to access a privileged web API endpoint and leak application logs,
encrypted administrator credentials are leaked (CVE-2025-13315). The exploit will then decrypt
these credentials using hardcoded keys (CVE-2025-13316) and login as the administrator.
Expected module output is a username and plain text password for the administrator account.
an authorization flaw to access a privileged web API endpoint and leak application logs,
encrypted administrator credentials are leaked (CVE-2025-13315). The exploit will then decrypt
these credentials using hardcoded keys (CVE-2025-13316) and login as the administrator.
Expected module output is a username and plain text password for the administrator account.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.