TFT Gallery Administrator Password Information Disclosure Vulnerability

TFT Gallery Administrator Password Information Disclosure Vulnerability

TFT Gallery is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to do proper access validation before granting access to sensitive and privileged information.

An attacker can exploit this vulnerability to obtain the application's administrative encrypted password. The attacker may then use this to carry out brute-force attacks to gain administrative access.

Information that the attacker obtains may aid in further attacks against the underlying system; other attacks are also possible.