Mass Assignment Flaw Exploited for Admin Access via Session Fixation

A mass assignment flaw was exploited in a support access token endpoint to generate a session for an admin account, enabling unauthorized access to the admin dashboard. The attack leveraged weak session management, specifically session fixation, to hijack the admin session. No specific dates, CVE IDs, or affected software versions were mentioned in the report. The impact involved unauthorized access to privileged administrative functions through the compromised session. The vulnerability was demonstrated in the context of support access token functionality. No additional technical details, such as affected organizations or mitigation steps, were provided.