Vulnerability Key Information

Vulnerability Description

Issue: The Free5GC Web console uses the default username without requiring a password or authentication. By using this username as the token header, the following information can be leaked:

- Registered user information (plmnID, ueId)
- Subscriber information (AccessType, CmState, Guti, Mcc, Mnc, Dnn, PduSessionId, Sd, SmContextRef, Sst, Supi, Tac)
- Tenant and user information

Reproduction Steps

- Leak subscriber list:
- Retrieve registered user information using IMSI:
- Leak tenant information:
- Retrieve user information for a specific tenant using tenant ID:

Environment

- Free5GC Version: v3.2.1
- Operating System: Ubuntu 22.04

Risk and Impact

- Risk: Infrastructure Information Leak (RISK_INFRASTRUCTURE_INFO_LEAK)
- Impact: Technical Impact - Information Disclosure (TECH_IMPACT_INFO_DISCLOSURE)

CVSS Assessment:

- CVSS Base Score: 7.5
- Impact Subscore: 3.6
- Exploitability Subscore: 3.9
- CVSS Temporal Score: 7.5
- CVSS Environmental Score: 7.5
- CVSS V3 Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X)

Recommended Fix

Consider generating a complex random token with an expiration time.

Discussion

Some developers argue that this is not a vulnerability but a feature, noting that Free5GC is primarily intended for educational and research purposes. However, other users believe this configuration poses security risks, especially when deployed in production environments. The development team has acknowledged the vulnerability and plans to fix it.
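
The recommended fix above (a random token with an expiration time), sketched as an added example that is not Free5GC's own code: tokens are 256-bit random values issued after a credential check, stored only as digests, and rejected once expired. The names `TokenStore`, `Issue` and `Validate`, the 15-minute lifetime and the user name `operator` are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sync"
	"time"
)

type session struct{ user string; expires time.Time }
// TokenStore keeps SHA-256 digests of issued tokens, never the tokens themselves.
type TokenStore struct {
	mu       sync.Mutex
	ttl      time.Duration
	sessions map[[32]byte]session
}

// Issue must be called only after a real credential check (assumed to exist).
func (s *TokenStore) Issue(user string, now time.Time) (string, error) {
	raw := make([]byte, 32) // 256 bits from the OS CSPRNG
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := base64.RawURLEncoding.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[sha256.Sum256([]byte(token))] = session{user, now.Add(s.ttl)}
	return token, nil
}

// Validate resolves a Token header value; a username, a guess or an expired token fails.
func (s *TokenStore) Validate(token string, now time.Time) (string, bool) {
	key := sha256.Sum256([]byte(token))
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[key]
	if !ok || !now.Before(sess.expires) {
		delete(s.sessions, key) // purge an expired entry; no-op for unknown keys
		return "", false
	}
	return sess.user, true
}

func main() {
	s := &TokenStore{ttl: 15 * time.Minute, sessions: map[[32]byte]session{}}
	tok, _ := s.Issue("operator", time.Now())
	fmt.Println(s.Validate(tok, time.Now())) // operator true
}
```

Because the user is looked up from the token on the server side, per-tenant access checks can be made against the resolved user rather than against anything the client sends.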