Insecure Direct Object Reference (IDOR)
Description

github.com/drakkan/sftpgo is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the lack of proper security measures such as JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. The vulnerability allows an attacker with a valid intercepted token to access other users’ files and directories by manipulating URL…
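The checks the description names as missing (a JTI that can be invalidated, an enforced expiry, and binding the requested object to the token's subject) can be sketched as follows. This is an added example, not sftpgo's code: `Claims`, `Revoked` and `Authorize` are hypothetical names, and signature verification is assumed to have been done already by a JWT library.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Claims holds token claims whose signature was already verified
// (hypothetical shape, not sftpgo's token format).
type Claims struct {
	Sub string    // authenticated user
	JTI string    // unique token ID
	Exp time.Time // expiry
}

// Revoked is the server-side set of invalidated token IDs, filled at logout
// or password change (a real server needs a shared, concurrency-safe store).
type Revoked map[string]bool

// Authorize decides whether the token may act on the object owner named in
// the request URL. The URL value is never trusted alone: it must equal Sub.
func Authorize(c Claims, r Revoked, urlOwner string, now time.Time) error {
	switch {
	case c.JTI == "":
		return errors.New("token has no jti and cannot be revoked")
	case r[c.JTI]:
		return errors.New("token revoked")
	case !now.Before(c.Exp):
		return errors.New("token expired")
	case c.Sub != urlOwner:
		return errors.New("object belongs to another user")
	}
	return nil
}

func main() {
	now, r := time.Now(), Revoked{}
	// Constructed sample claims.
	c := Claims{Sub: "alice", JTI: "constructed-id-1", Exp: now.Add(time.Minute)}
	fmt.Println("own object:  ", Authorize(c, r, "alice", now))
	fmt.Println("other user:  ", Authorize(c, r, "bob", now))
	r[c.JTI] = true // invalidate the intercepted token server-side
	fmt.Println("after revoke:", Authorize(c, r, "alice", now))
}
```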
