Hard 865

LeMUN
Author: Gleb Kumichev (@gleb_kumichev), PT ML Team
ML: 90% · CTF: 10% · web · biometrics

LeMUN Technologies recently launched their new Face Authentication System, quickly adopted by government agencies for critical access control.

The demo instance of their system was easy to hack, and it seems they rolled out the same admin account on all their instances.

Get access to the Government Personal Data Portal protected with their authentication. The vulnerability that is still present on the demo instance is not present on the government portal.

Hint added at 17:02 UTC: It has been disclosed that LeMUN uses this snippet for their demo request handling: pastebin.com/gQQReVTW

Support E-mail: aictf@phdays.com

PHDays × SPbCTF