Analysis of the network traffic captured by sniffing revealed credentials being transmitted in clear text in a cookie.

To confirm that this was a valid user, an attempt was made to log in to the executive portal, which confirmed that this user exists and is active.

Thus, we were able to authenticate to the system with the credentials obtained from the cookies.
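For remediation testing, the finding above can be turned into a repeatable check on the application's own `Set-Cookie` headers. The following is an added example, not part of the original assessment: the cookie names, values and the name heuristics are constructed assumptions, since the report does not show the actual cookie.

```python
import base64
import re

# Assumed naming heuristics; tune them to the application under review.
CRED_NAME = re.compile(r"pass(word|wd)?|pwd|user(name)?|login|cred", re.I)
USER_PASS = re.compile(r"[^\s:]+:[^\s:]+")

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, lowercase attribute names)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {part.partition("=")[0].lower() for part in rest if part}
    return name, value, attrs

def is_encoded_user_pass(value):
    """True when the value is base64 that decodes to a 'user:password' pair."""
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and non-UTF-8 payloads
        return False
    return bool(USER_PASS.fullmatch(decoded))

def audit_cookies(scheme, set_cookie_headers):
    """Return {cookie name: [issues]} for every cookie with at least one issue."""
    findings = {}
    for header in set_cookie_headers:
        name, value, attrs = parse_set_cookie(header)
        issues = []
        if CRED_NAME.search(name) or is_encoded_user_pass(value):
            issues.append("stores credentials")
        if scheme != "https" or "secure" not in attrs:
            issues.append("can be sent over plaintext HTTP")
        if "httponly" not in attrs:
            issues.append("readable by scripts")
        if issues:
            findings[name] = issues
    return findings

# Constructed sample responses (not taken from the assessment).
WEAK = ["username=alice; Path=/", "auth=YWxpY2U6czNjcmV0; Path=/"]
HARDENED = ["sid=9f2c4e7a1b3d; Path=/; Secure; HttpOnly; SameSite=Strict"]

if __name__ == "__main__":
    for label, scheme, headers in (("weak", "http", WEAK), ("hardened", "https", HARDENED)):
        print(label, audit_cookies(scheme, headers))
```

A clean result means the cookie holds only an opaque session identifier and carries the `Secure` and `HttpOnly` attributes over HTTPS.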
