Report #33410

Report Date: July 19, 2024
Status: Closed
Payout

Exposed Login & Password for ETH RPC

Report Info

Report ID: #33410

Report type: Websites and Applications

Has PoC? Yes

Target: https://app.bean.money

Impacts: Exposed Login and Password

Description

Login and password for Ethereum RPC exposed

rpc: ["https://rpc.ankr.com/eth", { url: "https://api-geth-archive.ankr.com", user: "balancer_user", password: "balancerAnkr20201015"

Link to affected asset: https://app.bean.money/assets/vendor-DOke2B5y.js
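
A build-time check for the pattern this report describes (a `url`/`user`/`password` object literal shipped in a client-side bundle), as an added example that is not part of the original report or the project's code. The key-name lists, the `scanBundle` helper and the sample bundle are assumptions constructed for illustration:

```javascript
// Added example: flag string-literal secrets in built JS bundles.
// Key-name lists are assumptions; extend them for your own codebase.
const SECRET_KEYS = ["password", "passwd", "pwd", "secret", "apiKey", "api_key", "token"];
const CONTEXT_KEYS = ["url", "user", "username"];

// Matches key:"literal" (key optionally quoted), as minifiers emit it.
// Non-literal values such as password:e.pw never match.
function pairRegex(keys) {
  const body = `["']?\\b(${keys.join("|")})["']?\\s*:\\s*(["'])((?:(?!\\2)[^\\\\]|\\\\.)+)\\2`;
  return new RegExp(body, "gi");
}

// Keep findings useful without copying the secret into CI logs.
function mask(v) {
  return `${v.slice(0, 2)}***(${v.length} chars)`;
}

function scanBundle(file, text, window = 200) {
  const findings = [];
  for (const m of text.matchAll(pairRegex(SECRET_KEYS))) {
    const start = Math.max(0, m.index - window);
    const near = text.slice(start, m.index + m[0].length + window);
    const context = {}, dist = {};
    // Attach the closest url/user literals so the owner of the credential is clear.
    for (const c of near.matchAll(pairRegex(CONTEXT_KEYS))) {
      const key = c[1].toLowerCase();
      const d = Math.abs(start + c.index - m.index);
      if (key in dist && dist[key] <= d) continue;
      dist[key] = d;
      context[key] = key === "url" ? c[3] : mask(c[3]);
    }
    findings.push({ file, offset: m.index, key: m[1], value: mask(m[3]), context });
  }
  return findings;
}

// Constructed sample in the shape quoted in the report (values are placeholders).
const SAMPLE =
  'var c={1:{rpc:["https://rpc.example.invalid/eth",{url:"https://archive.example.invalid",' +
  'user:"example_user",password:"example-password-123"}]}};' +
  "function login(e){return post({user:e.name,password:e.pw})}";

console.log(JSON.stringify(scanBundle("vendor.js", SAMPLE), null, 2));
```

In CI, run this over every file in the build output directory and fail the job when `scanBundle` returns any finding. A credential that has already shipped in a public bundle still needs to be rotated.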

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
  • claimed impact by the whitehat is not in scope for the bug bounty program
  • claimed asset by the whitehat is in scope for the bug bounty program
  • claimed severity is not in scope for the bug bounty program

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.