Open Akira1906 opened 6 months ago
The API exposes the primary keys of chatrooms, and because they are just enumerated one can guess the other primary keys. Fix with UUID.
OWASP API1:2023 - Broken Object Level Authorization
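One way to apply the fix proposed in this issue, as an added example that is not part of the original issue or the project's code: each chatroom gets a random UUID as its external identifier, and every lookup also checks membership, which is the control OWASP API1:2023 describes. `ChatroomStore`, `get_for_user`, `NotFound` and the in-memory data are hypothetical names constructed for illustration.

```python
import uuid


class NotFound(Exception):
    """Raised for both unknown rooms and rooms the caller may not access."""


class ChatroomStore:
    """In-memory stand-in for the chatroom table (constructed for this example)."""

    def __init__(self):
        self._rooms = {}      # public UUID -> room record
        self._next_pk = 1     # sequential primary key, kept internal only

    def create(self, name, members):
        public_id = uuid.uuid4()      # random, so a neighbour's id cannot be derived
        self._rooms[public_id] = {
            "pk": self._next_pk,      # never serialized into API responses
            "name": name,
            "members": set(members),
        }
        self._next_pk += 1
        return str(public_id)

    def get_for_user(self, user, room_id):
        try:
            key = uuid.UUID(room_id)  # rejects integers such as "2" and other junk
        except (ValueError, AttributeError, TypeError):
            raise NotFound(room_id)
        room = self._rooms.get(key)
        # Object-level authorization: the identifier is a lookup key, not a credential.
        if room is None or user not in room["members"]:
            raise NotFound(room_id)   # same answer either way, no existence oracle
        return {"id": str(key), "name": room["name"]}
```
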