Tag: sensitive-information-disclosure
All the articles with the tag "sensitive-information-disclosure".
-
HTB Crocodile — The Credential Chain
HackTheBox Crocodile chains anonymous FTP credential disclosure into a hidden web admin login. The same structural failure shows up in agentic systems when leaked API keys legitimately authenticate into production tool-use endpoints.
-
HTB Redeemer — Reading an Agent's Memory
HackTheBox Redeemer exploits unauthenticated Redis to enumerate and extract stored keys. In agentic AI systems, an open Redis instance doesn't just leak cached data — it exposes the agent's working memory, and with write access, lets an attacker inject false context the agent will act on.
-
HTB Fawn — The FTP Door Left Open
HackTheBox Fawn exploits anonymous FTP login on vsftpd 3.0.3. The same pattern — a data store designed for openness that was never locked down — maps directly to unauthenticated vector databases in production AI deployments.