SECutiee / ScanChat-api

GNU General Public License v3.0

Exposing of primary keys #7

Open Akira1906 opened 6 months ago

Akira1906 commented 6 months ago

The API exposes the primary keys of chatrooms, and because they are just enumerated, one can guess the other primary keys. Fix with UUID.

OWASP API1:2023 - Broken Object Level Authorization
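
An added example, not part of the issue or of the ScanChat-api code base: a Python and SQLite sketch of the proposed fix, where clients only ever see a random UUID and the integer primary key stays internal, together with the per-object membership check that OWASP API1:2023 concerns, since a random identifier makes guessing impractical but does not by itself authorise the caller. The table, column and function names are hypothetical.

```python
import sqlite3
import uuid

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE chatroom (
            id INTEGER PRIMARY KEY,          -- internal key, never serialized
            public_id TEXT NOT NULL UNIQUE,  -- random UUIDv4 shown to clients
            name TEXT NOT NULL
        );
        CREATE TABLE membership (
            chatroom_id INTEGER NOT NULL REFERENCES chatroom(id),
            user_id TEXT NOT NULL,
            PRIMARY KEY (chatroom_id, user_id)
        );
    """)
    return db

def create_chatroom(db, name, owner):
    """Create a room and return only its public UUID (hypothetical helper)."""
    public_id = str(uuid.uuid4())
    cur = db.execute(
        "INSERT INTO chatroom (public_id, name) VALUES (?, ?)", (public_id, name))
    db.execute(
        "INSERT INTO membership (chatroom_id, user_id) VALUES (?, ?)",
        (cur.lastrowid, owner))
    return public_id

def get_chatroom(db, public_id, caller):
    """Return the room only if `caller` is a member, else None (map to 404)."""
    try:
        public_id = str(uuid.UUID(public_id))  # reject "1", "2", ... and normalise
    except (ValueError, AttributeError, TypeError):
        return None
    row = db.execute(
        """SELECT c.public_id, c.name FROM chatroom c
           JOIN membership m ON m.chatroom_id = c.id
           WHERE c.public_id = ? AND m.user_id = ?""",
        (public_id, caller)).fetchone()
    # The integer id is deliberately absent from the response body.
    return {"id": row[0], "name": row[1]} if row else None
```

Returning the same result for "does not exist" and "not a member" keeps the endpoint from confirming which identifiers are valid.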