IDOR allows access to payments data of any user - nordsecurity

Program: Nord VPN Bug Type: IDOR Bounty: Unspecified Date: 2019-12-04
IDOR PII-leak sensitive-data broken-access-control

Summary

A researcher found a vulnerable API endpoint, /api/v1/orders on domain.nordvpn.com, that was accessible without authentication and returned the transaction details of a user. The endpoint accepted a JSON key "user_id" holding a numeric id; changing that value to any higher or lower id returned the transaction details of another user.
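The two defects the summary describes (no authentication on the endpoint, and the data lookup keyed on a client-supplied "user_id") are shown side by side below as an added example; this is not code from the report or from NordVPN, and the handler names, the in-memory order and session tables, and the sample order records are all constructed for illustration. The hardened handler authenticates first, scopes the query to the authenticated principal rather than to the body's user_id, and records any mismatch between the two as an audit event, since a client asking for an id other than its own is the signal a detection team would want to see.

```python
"""Constructed example: IDOR on a /api/v1/orders-style endpoint, vulnerable vs fixed."""
from dataclasses import dataclass
import json

# Constructed sample data (not from the report): orders keyed by the owning user id.
ORDERS = {
    1001: [{"order_id": "A-1", "amount": 11.95, "card_last4": "4242"}],
    1002: [{"order_id": "B-7", "amount": 83.88, "card_last4": "1881"}],
}

# Constructed session store: bearer token -> authenticated user id.
SESSIONS = {"tok-alice": 1001, "tok-bob": 1002}

# Audit events are kept in memory here so the behaviour can be inspected.
AUDIT: list = []


@dataclass
class Request:
    headers: dict
    body: bytes


@dataclass
class Response:
    status: int
    body: dict


def orders_vulnerable(req: Request) -> Response:
    """The pattern the report describes: no authentication at all, and the
    lookup key is whatever user_id the client sent, so any id returns that
    user's transaction records."""
    payload = json.loads(req.body)
    user_id = int(payload["user_id"])
    return Response(200, {"user_id": user_id, "orders": ORDERS.get(user_id, [])})


def orders_fixed(req: Request) -> Response:
    """Hardened form: authenticate, then scope the query to the authenticated
    principal. A user_id in the body is never used as the lookup key; if one is
    present and disagrees with the session, the request is refused and logged."""
    auth = req.headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
    principal = SESSIONS.get(token)
    if principal is None:
        return Response(401, {"error": "authentication required"})

    try:
        payload = json.loads(req.body) if req.body else {}
    except json.JSONDecodeError:
        return Response(400, {"error": "malformed json"})

    requested = payload.get("user_id")
    if requested is not None:
        try:
            requested = int(requested)
        except (TypeError, ValueError):
            return Response(400, {"error": "user_id must be numeric"})
        if requested != principal:
            # Cross-account reference: deny, and record it for detection.
            AUDIT.append({"event": "idor_probe", "principal": principal,
                          "requested": requested})
            return Response(403, {"error": "forbidden"})

    # The query is bound to the session's identity, not to client input.
    return Response(200, {"user_id": principal, "orders": ORDERS.get(principal, [])})


if __name__ == "__main__":
    probe = Request({}, b'{"user_id": 1002}')
    print("vulnerable, unauthenticated:", orders_vulnerable(probe))
    print("fixed, unauthenticated:", orders_fixed(probe))
    alice = Request({"Authorization": "Bearer tok-alice"}, b'{"user_id": 1002}')
    print("fixed, alice asks for 1002:", orders_fixed(alice))
    print("audit:", AUDIT)
```

The important design point is that the fixed handler does not merely compare the body's user_id to the session and then use the body value; it ignores the body value for the lookup entirely, so a future change to the comparison cannot reopen the hole.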

References