TCS Information Disclosure Vulnerability

TCS Information Disclosure Vulnerability

TCS Information Disclosure Vulnerability

India India's leading software services and consulting company TCS (Tata Consultancy Services) is not Secure and is Vulnerable to Information Disclosure of Server private IP Address. This Vulnerability is disclosed amd reported by Christy Philip Mathew, an Information Security researcher  from India.

Vulnerable link - " https://supportcentral.tcs.com/login/' " when a user will open Vulnerable URL, TCS domain will redirect that user to :

" https://supportcentral.tcs.com/login/scauth.asp?SC_URL=https%3A%2F%2Fsupportcentral.tcs.com%2Fsup_page_not_found.asp%3F404%3Bhttps%3A%2F%2F192.168.15.51%3A443%2Flogin%2F%27 "

and after analysing the above REDIRECTED URL carefully there is a Server's Private IP Address i.e 192.168.15.51 which can lead to many attacks and can make network Vulnerable.