Description:
It has been observed that the application uses numeric IDs when creating a chat room. If the application is also vulnerable to improper authorization, an attacker can take advantage of this to quickly gather user-related data by enumerating the numeric IDs.
Recommendation for our side:
Use UUIDs instead of numeric IDs when creating the room.
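One way to apply the recommendation, as an added example that is not the application's own code: a room store that issues random version-4 UUIDs and still checks membership on every lookup, since an unguessable ID does not replace the authorization check. `RoomRegistry`, `parse_room_id` and the user names are hypothetical.

```python
import uuid


def parse_room_id(value):
    """Return the canonical id if value is a version-4 UUID string, else None."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        return None
    # Reject time-based versions (e.g. v1), whose values are predictable.
    return str(parsed) if parsed.version == 4 else None


class RoomRegistry:
    """Hypothetical in-memory room store keyed by random UUIDv4 ids."""

    def __init__(self):
        self._rooms = {}  # room id -> set of member names

    def create_room(self, owner):
        # uuid4() is built from 122 random bits, so one room's id says
        # nothing about the next (a counter would give id + 1).
        room_id = str(uuid.uuid4())
        self._rooms[room_id] = {owner}
        return room_id

    def get_members(self, room_id, requester):
        """Return a copy of the member set, or None.

        Malformed id, unknown room and non-member all return None, so the
        response does not reveal which ids exist.
        """
        canonical = parse_room_id(room_id)
        members = self._rooms.get(canonical) if canonical else None
        if members is None or requester not in members:
            return None
        return set(members)


if __name__ == "__main__":
    registry = RoomRegistry()
    room = registry.create_room("alice")  # constructed sample users
    print(room, registry.get_members(room, "alice"))
    print(registry.get_members(room, "mallory"))  # None: not a member
    print(registry.get_members("1042", "alice"))  # None: numeric id rejected
```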