alwaysdata All Projects: Tasklist

Advanced

Miscellaneous Search in comments Search details Search for all words Tasks I watch Tasks not blocking other tasks Tasks blocking other tasks Blocker or nonblocker, selecting both filter options doesn't make sense. Has attachment Hide SubTasks

Task Properties

Task Type

Severity

Priority

Due In Version

Reported Version

Category

Status

Percent Complete

Users Opened by Assigned To Closed by

Dates

Due from to

Changed from to

Opened from to

Closed from to

ID	Status	Summary	Opened by
~~260~~	Closed	~~BUG BOUNTY REPORT — Exposure of alwaysdata.com Credenti~~ ...	heller452	Task Description Title Critical Exposure of alwaysdata.com User Credentials via Alien TxtBase (Plaintext Passwords, Emails & Phone Numbers) URL Multiple alwaysdata endpoints are present in the leak, including: https://alwaysdata.com/ https://alwaysdata.com/fr/inscription https://alwaysdata.com/fr/inscription/ https://alwaysdata.com/en/register https://alwaysdata.com/en/register/ https://alwaysdata.com/en/signup/account/ https://alwaysdata.com/fr/signup/account/ https://alwaysdata.com/fr/signup/ https://alwaysdata.com/en/marketplace/bookstack/ Evidence spread across all uploaded LeakBase / Alien TxtBase HTML files. Description The uploaded Alien TxtBase datasets show large-scale exposure of alwaysdata.com account credentials, collected by infostealer malware that steals browser-saved logins. Across all the files, there are hundreds of entries for alwaysdata.com, including: Emails (Gmail, Hotmail, Yahoo, corporate domains, etc.) Plaintext passwords Nicknames / device usernames Phone numbers in some entries Direct registration and signup URLs on alwaysdata.com Examples of leaked patterns (all values redacted here): Email + password + registration link, e.g.: Email: …@gmail.com / Password: Fahendrena / Link: alwaysdata.com/fr/inscription 5202727960 Password + nick + registration URL (no email), e.g.: Password: Footballclub972 / Nick: nathanv / Link: alwaysdata.com 5202727960 Email + password + /en/register or /fr/signup/account URLs, e.g. multiple developer / project owner accounts Entries including phone number and “App: alwaysdata.com” metadata The data confirms that real alwaysdata.com user accounts, including hosting users, developers and small businesses, have their credentials exposed in plaintext in a public leak collection. While the initial compromise is on user devices (infostealers), the effect is a direct, ongoing compromise of alwaysdata.com accounts, as the credentials are valid and can be reused by attackers at any time. Impact Severity: CRITICAL 1. Full Account Takeover (ATO) Attackers can use any email/password pair from the logs to log into alwaysdata.com and: Access hosting control panels for websites and apps Modify or delete customer sites Inject malicious content, phishing pages, or malware Change account email, password, and billing details Because passwords are in clear text, there is no need for cracking or guessing. 2. Website & Application Compromise As alwaysdata is a hosting provider, compromised accounts may be: Production sites for individuals, startups, and small businesses Internal dashboards or admin panels Hosted APIs or backends This allows attackers to: Deface or replace websites Steal data from web applications Use compromised infrastructure for further attacks (phishing, malware hosting, C2, etc.) 3. Reputational & Legal Risk Leaked credentials include: Emails Passwords In some cases, phone numbers This exposes alwaysdata users to: Identity theft Targeted phishing Credential reuse on other services It may also create privacy and regulatory exposure for alwaysdata if not addressed (e.g., GDPR if EU users are affected). 4. Ongoing Automated Exploitation Alien TxtBase: Is widely shared through Telegram breach channels Is integrated into OSINT and credential-stuffing tools Is resold on dark-web marketplaces This means alwaysdata.com accounts will be continuously targeted, not just once. Evidence (Redacted) Representative examples from the uploaded leak files (all real, but anonymized): Email: <redacted>@gmail.com Password: Link: alwaysdata.com/en/register/ 5202727960 Password: Nick: Powerbyte Link: alwaysdata.com/fr/signup/account/ Email: <redacted>@hotmail.com Password: Link: alwaysdata.com/fr/inscription/ Email: <redacted>@gmail.com Telephone: <redacted> App: alwaysdata.com No raw passwords, emails or phone numbers are reproduced in this report. Recommendation Immediate Force password reset for all alwaysdata.com accounts whose credentials appear in Alien TxtBase. Invalidate active sessions and login cookies for those users. Alert affected users and advise them to: Clean their devices of infostealer malware Change reused passwords on other platforms. Short-Term Implement breached-password protection: Block login with passwords known to be exposed in public leaks (including Alien TxtBase). Enforce or strongly encourage MFA for all alwaysdata accounts. Add rate limiting and bot protection on login, signup and password reset endpoints. Monitor for abnormal login patterns from known bad IP ranges or TOR exit nodes. Long-Term Move toward passwordless authentication (WebAuthn / security keys) for control-panel access. Deploy continuous dark-web / Telegram breach monitoring for “alwaysdata.com” credentials. Provide security guidance for customers (blog / documentation) on: Risks of storing passwords in browsers Infostealer malware Using password managers and MFA.
80	Closed	~~Bug bounty - MTA-STS Record Not Found for Domain~~	heller452	Task Description Bug Bounty Report Title: MTA-STS Record Not Found for Domain Severity: High Summary: The domain alwaysdata.com does not have an MTA-STS (Mail Transfer Agent Strict Transport Security) record configured. MTA-STS is a critical security mechanism that enforces secure connections between mail servers, preventing Man-in-the-Middle (MitM) attacks and enhancing email security. The absence of this record leaves the domain vulnerable to potential interception and tampering of email communications, posing a significant risk to the confidentiality and integrity of sensitive information. Description: Upon conducting a security assessment, it was observed that the domain alwaysdata.com lacks an MTA-STS record in its DNS configuration. MTA-STS is a crucial security protocol that ensures secure communication channels between mail servers, thereby mitigating the risk of interception and tampering of email traffic. In the absence of an MTA-STS record, malicious actors could exploit vulnerabilities in email transmission, potentially intercepting sensitive information exchanged between servers. This vulnerability exposes the domain to various security threats, including but not limited to Man-in-the-Middle attacks, eavesdropping, and unauthorized access to confidential data. Steps to Reproduce: Go to the MTA-STS TXT record checker tool https://easydmarc.com/tools/mta-sts-check?domain= Observe the absence of an MTA-STS TXT record. Verify that the domain's DNS configuration does not include any MTA-STS policies. Impact: The absence of an MTA-STS record for the domain alwaysdata.com has the following impacts: Security Risk: Without MTA-STS, email communications are vulnerable to interception and tampering by malicious entities, compromising the confidentiality and integrity of sensitive information. MitM Attacks: Attackers could exploit the lack of secure communication channels to intercept emails, leading to potential data breaches and unauthorized access to confidential data. Compliance Concerns: Non-compliance with industry standards and best practices regarding email security, potentially leading to regulatory penalties and reputational damage. Recommendations: Implement MTA-STS: Configure an MTA-STS policy for the domain alwaysdata.com following the specifications outlined in RFC 8461 to enforce secure communication between mail servers. Enable TLS Encryption: Ensure that TLS encryption is enabled and properly configured on mail servers to further enhance email security. Regular Monitoring: Conduct regular audits and monitoring of DNS configurations to identify and address any security vulnerabilities promptly. Educate Users: Raise awareness among domain administrators and users about the importance of email security practices, including the significance of implementing MTA-STS. Proof of Concept (PoC): The absence of an MTA-STS record for the domain alwaysdata.com can be verified by performing a DNS lookup for the MTA-STS policy. The lack of an MTA-STS TXT record in the DNS configuration confirms the vulnerability. Additional Notes: It is imperative to prioritize the implementation of MTA-STS for the domain alwaysdata.com to mitigate the identified security risk effectively. Failure to address this issue promptly could result in severe consequences, including data breaches and compliance violations. Thank you , Sanjith Roshan U Security Researcher POC DRIVE LINK:https://drive.google.com/file/d/1mERA_7qmeQ8bRAYuUZFRsuYJqAmm3CgO/view?usp=sharing
79	Closed	~~Nginx version leaking Information Disclosure~~	heller452	Task Description Dear Security Team, Introduction: I hope this message finds you well. I am reaching out to bring to your attention a Critical severity issue that has been identified during my recent assessment: Information Disclosure Vulnerability Report. The details of the vulnerability can be found in the comprehensive report provided below. Vulnerability Name: NGINX Version 1.14.2 Leaking Vulnerability Description: The NGINX Server Version Information Leakage Vulnerability exposes sensitive server version details, potentially aiding malicious actors in crafting targeted attacks against vulnerable systems. By exploiting this vulnerability, attackers can ascertain specific NGINX server versions running on target hosts, facilitating the identification of potential security weaknesses or outdated software versions susceptible to known exploits. This information disclosure could lead to unauthorized access, data breaches, or system compromise, posing significant risks to affected organizations' security posture and integrity of their web infrastructure. Steps To Reproduce: 1. http://overlord2.alwaysdata.com go to this url and intercept this request (In my case: Burp-Suite). 2. Send this request to repeater & Observe Response. http://overlord2.alwaysdata.com: Server: nginx/1.14.2 Reference :- https://www.cybersecurity-help.cz/vdb/SB2021052543 www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.143920 Impact: Malicious actors could craft targeted attacks against vulnerable systems. The NGINX server version leaking vulnerability exposes organizations to significant risks: Security Breaches: Attackers can exploit version leakage to identify known vulnerabilities in specific NGINX versions, facilitating targeted attacks. Information Disclosure: Exposing server versions enables attackers to gather intelligence about the server environment, potentially leading to further exploitation or unauthorized access. System Compromise: Malicious actors can exploit this vulnerability to launch attacks tailored to specific NGINX versions, potentially leading to system compromise, data theft, or disruption of services. Mitigation: 1. Update NGINX: Regularly update NGINX to the latest stable version to patch known vulnerabilities and reduce the risk of exploitation. 2. Remove Server Tokens: Configure NGINX to hide version information from HTTP response headers using the server_tokens directive. 3. Security Hardening: Implement security measures like Web Application Firewalls (WAFs) and Intrusion Detection Systems (IDS) to monitor and filter malicious traffic targeting NGINX servers. 4. Error Page Customization: Customize error pages to provide minimal information to potential attackers, avoiding disclosure of server version information. 5. Limit Information Exposure: Minimize information exposure by configuring NGINX to reveal only necessary details in error messages and server responses. I am committed to assisting you in addressing this issue promptly. Please feel free to contact me for any clarification or assistance in implementing the recommended mitigation measures. Thank you for your attention to this matter, and I look forward to your prompt action in securing your website. Best regards, Sanjith Roshan U Security Researcher

Status

Summary

Opened by

~~260~~

Closed

~~BUG BOUNTY REPORT — Exposure of alwaysdata.com Credenti~~ ...

heller452

Task Description

Title

Critical Exposure of alwaysdata.com User Credentials via Alien TxtBase (Plaintext Passwords, Emails & Phone Numbers)

URL

Multiple alwaysdata endpoints are present in the leak, including:

https://alwaysdata.com/

https://alwaysdata.com/fr/inscription

https://alwaysdata.com/fr/inscription/

https://alwaysdata.com/en/register

https://alwaysdata.com/en/register/

https://alwaysdata.com/en/signup/account/

https://alwaysdata.com/fr/signup/account/

https://alwaysdata.com/fr/signup/

https://alwaysdata.com/en/marketplace/bookstack/

Evidence spread across all uploaded LeakBase / Alien TxtBase HTML files.

Description

The uploaded Alien TxtBase datasets show large-scale exposure of alwaysdata.com account credentials, collected by infostealer malware that steals browser-saved logins.

Across all the files, there are hundreds of entries for alwaysdata.com, including:

Emails (Gmail, Hotmail, Yahoo, corporate domains, etc.)

Plaintext passwords

Nicknames / device usernames

Phone numbers in some entries

Direct registration and signup URLs on alwaysdata.com

Examples of leaked patterns (all values redacted here):

Email + password + registration link, e.g.:
Email: …@gmail.com / Password: Fahendrena / Link: alwaysdata.com/fr/inscription

5202727960

Password + nick + registration URL (no email), e.g.:
Password: Footballclub972 / Nick: nathanv / Link: alwaysdata.com

5202727960

Email + password + /en/register or /fr/signup/account URLs, e.g. multiple developer / project owner accounts

Entries including phone number and “App: alwaysdata.com” metadata

The data confirms that real alwaysdata.com user accounts, including hosting users, developers and small businesses, have their credentials exposed in plaintext in a public leak collection.

While the initial compromise is on user devices (infostealers), the effect is a direct, ongoing compromise of alwaysdata.com accounts, as the credentials are valid and can be reused by attackers at any time.

Impact

Severity: CRITICAL

1. Full Account Takeover (ATO)

Attackers can use any email/password pair from the logs to log into alwaysdata.com and:

Access hosting control panels for websites and apps

Modify or delete customer sites

Inject malicious content, phishing pages, or malware

Change account email, password, and billing details

Because passwords are in clear text, there is no need for cracking or guessing.

2. Website & Application Compromise

As alwaysdata is a hosting provider, compromised accounts may be:

Production sites for individuals, startups, and small businesses

Internal dashboards or admin panels

Hosted APIs or backends

This allows attackers to:

Deface or replace websites

Steal data from web applications

Use compromised infrastructure for further attacks (phishing, malware hosting, C2, etc.)

3. Reputational & Legal Risk

Leaked credentials include:

Emails

Passwords

In some cases, phone numbers

This exposes alwaysdata users to:

Identity theft

Targeted phishing

Credential reuse on other services

It may also create privacy and regulatory exposure for alwaysdata if not addressed (e.g., GDPR if EU users are affected).

4. Ongoing Automated Exploitation

Alien TxtBase:

Is widely shared through Telegram breach channels

Is integrated into OSINT and credential-stuffing tools

Is resold on dark-web marketplaces

This means alwaysdata.com accounts will be continuously targeted, not just once.

Evidence (Redacted)

Representative examples from the uploaded leak files (all real, but anonymized):

Email: <redacted>@gmail.com Password: Link: alwaysdata.com/en/register/

5202727960

Password: Nick: Powerbyte
Link: alwaysdata.com/fr/signup/account/

Email: <redacted>@hotmail.com Password: Link: alwaysdata.com/fr/inscription/

Email: <redacted>@gmail.com Telephone: <redacted>
App: alwaysdata.com

No raw passwords, emails or phone numbers are reproduced in this report.

Recommendation
Immediate

Force password reset for all alwaysdata.com accounts whose credentials appear in Alien TxtBase.

Invalidate active sessions and login cookies for those users.

Alert affected users and advise them to:

Clean their devices of infostealer malware

Change reused passwords on other platforms.

Short-Term

Implement breached-password protection:

Block login with passwords known to be exposed in public leaks (including Alien TxtBase).

Enforce or strongly encourage MFA for all alwaysdata accounts.

Add rate limiting and bot protection on login, signup and password reset endpoints.

Monitor for abnormal login patterns from known bad IP ranges or TOR exit nodes.

Long-Term

Move toward passwordless authentication (WebAuthn / security keys) for control-panel access.

Deploy continuous dark-web / Telegram breach monitoring for “alwaysdata.com” credentials.

Provide security guidance for customers (blog / documentation) on:

Risks of storing passwords in browsers

Infostealer malware

Using password managers and MFA.

Closed

~~Bug bounty - MTA-STS Record Not Found for Domain~~

heller452

Task Description

Bug Bounty Report

Title: MTA-STS Record Not Found for Domain

Severity: High

Summary: The domain alwaysdata.com does not have an MTA-STS (Mail Transfer Agent Strict Transport Security) record configured. MTA-STS is a critical security mechanism that enforces secure connections between mail servers, preventing Man-in-the-Middle (MitM) attacks and enhancing email security. The absence of this record leaves the domain vulnerable to potential interception and tampering of email communications, posing a significant risk to the confidentiality and integrity of sensitive information.

Description: Upon conducting a security assessment, it was observed that the domain alwaysdata.com lacks an MTA-STS record in its DNS configuration. MTA-STS is a crucial security protocol that ensures secure communication channels between mail servers, thereby mitigating the risk of interception and tampering of email traffic.

In the absence of an MTA-STS record, malicious actors could exploit vulnerabilities in email transmission, potentially intercepting sensitive information exchanged between servers. This vulnerability exposes the domain to various security threats, including but not limited to Man-in-the-Middle attacks, eavesdropping, and unauthorized access to confidential data.

Steps to Reproduce:

Go to the MTA-STS TXT record checker tool https://easydmarc.com/tools/mta-sts-check?domain= Observe the absence of an MTA-STS TXT record.
Verify that the domain's DNS configuration does not include any MTA-STS policies.
Impact: The absence of an MTA-STS record for the domain alwaysdata.com has the following impacts:

Security Risk: Without MTA-STS, email communications are vulnerable to interception and tampering by malicious entities, compromising the confidentiality and integrity of sensitive information.
MitM Attacks: Attackers could exploit the lack of secure communication channels to intercept emails, leading to potential data breaches and unauthorized access to confidential data.
Compliance Concerns: Non-compliance with industry standards and best practices regarding email security, potentially leading to regulatory penalties and reputational damage.
Recommendations:

Implement MTA-STS: Configure an MTA-STS policy for the domain alwaysdata.com following the specifications outlined in RFC 8461 to enforce secure communication between mail servers.
Enable TLS Encryption: Ensure that TLS encryption is enabled and properly configured on mail servers to further enhance email security.
Regular Monitoring: Conduct regular audits and monitoring of DNS configurations to identify and address any security vulnerabilities promptly.
Educate Users: Raise awareness among domain administrators and users about the importance of email security practices, including the significance of implementing MTA-STS.
Proof of Concept (PoC): The absence of an MTA-STS record for the domain alwaysdata.com can be verified by performing a DNS lookup for the MTA-STS policy. The lack of an MTA-STS TXT record in the DNS configuration confirms the vulnerability.

Additional Notes: It is imperative to prioritize the implementation of MTA-STS for the domain alwaysdata.com to mitigate the identified security risk effectively. Failure to address this issue promptly could result in severe consequences, including data breaches and compliance violations.

Thank you ,

Sanjith Roshan U

Security Researcher

POC DRIVE LINK:https://drive.google.com/file/d/1mERA_7qmeQ8bRAYuUZFRsuYJqAmm3CgO/view?usp=sharing

Closed

~~Nginx version leaking Information Disclosure~~

heller452

Task Description

Dear Security Team,

Introduction: I hope this message finds you well. I am reaching out to bring to your attention a Critical severity issue that has been identified during my recent assessment: Information Disclosure Vulnerability Report. The details of the vulnerability can be found in the comprehensive report provided below.

Vulnerability Name: NGINX Version 1.14.2 Leaking

Vulnerability Description: The NGINX Server Version Information Leakage Vulnerability exposes sensitive server version details, potentially aiding malicious actors in crafting targeted attacks against vulnerable systems. By exploiting this vulnerability, attackers can ascertain specific NGINX server versions running on target hosts, facilitating the identification of potential security weaknesses or outdated software versions susceptible to known exploits. This information disclosure could lead to unauthorized access, data breaches, or system compromise, posing significant risks to affected organizations' security posture and integrity of their web infrastructure.

Steps To Reproduce:

1. http://overlord2.alwaysdata.com go to this url and intercept this request (In my case: Burp-Suite).
2. Send this request to repeater & Observe Response.

http://overlord2.alwaysdata.com: Server: nginx/1.14.2

Reference :-
https://www.cybersecurity-help.cz/vdb/SB2021052543 www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.143920

Impact: Malicious actors could craft targeted attacks against vulnerable systems.

The NGINX server version leaking vulnerability exposes organizations to significant risks:
Security Breaches: Attackers can exploit version leakage to identify known vulnerabilities in specific NGINX versions, facilitating targeted attacks.

Information Disclosure: Exposing server versions enables attackers to gather intelligence about the server environment, potentially leading to further exploitation or unauthorized access.

System Compromise: Malicious actors can exploit this vulnerability to launch attacks tailored to specific NGINX versions, potentially leading to system compromise, data theft, or disruption of services.

Mitigation:

1. Update NGINX: Regularly update NGINX to the latest stable version to patch known vulnerabilities and reduce the risk of exploitation.

2. Remove Server Tokens: Configure NGINX to hide version information from HTTP response headers using the server_tokens directive.

3. Security Hardening: Implement security measures like Web Application Firewalls (WAFs) and Intrusion Detection Systems (IDS) to monitor and filter malicious traffic targeting NGINX servers.

4. Error Page Customization: Customize error pages to provide minimal information to potential attackers, avoiding disclosure of server version information.

5. Limit Information Exposure: Minimize information exposure by configuring NGINX to reveal only necessary details in error messages and server responses.

I am committed to assisting you in addressing this issue promptly. Please feel free to contact me for any clarification or assistance in implementing the recommended mitigation measures.

Thank you for your attention to this matter, and I look forward to your prompt action in securing your website.

Best regards,

Sanjith Roshan U

Security Researcher

Showing tasks 1 - 3 of 3 Page 1 of 1

Keyboard shortcuts

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task