Default Workspace ID is the same as the User ID increased by 1

State Resolved
July 23, 2020
Issue ID 7Yd7iM9Vs
Asset API Base Endpoint v1
Bounty $100
Reported at July 13, 2020
Reporter Undisclosed
Severity Low
Visibility Complete
Weakness CWE-341: Predictable from Observable State

Description

The default Workspace ID is the same as the User ID increased by 1, which lets an attacker derive a user's default Workspace ID just by knowing the User ID.
Impact - The User ID can be obtained when inviting the user. From there, an attacker could potentially use other exploits to get sensitive data.

Step by step - Scenario

  1. Compare the User ID and Workspace ID from the request and response.

Expected

User ID and default Workspace ID should not be related.
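
One way to check for and remove this relationship, as an added example that is not part of the original report or the vendor's code: `predictable_offset` flags a constant offset between sampled User IDs and default Workspace IDs, and `WorkspaceIdAllocator` draws Workspace IDs from a CSPRNG instead. All names and the sample IDs are constructed for illustration.

```python
import secrets
from collections import Counter

# Constructed sample: (user_id, default_workspace_id) pairs showing the reported pattern.
SEQUENTIAL_PAIRS = [(uid, uid + 1) for uid in range(1001, 1006)]


def predictable_offset(pairs, threshold=0.9):
    """Return d if workspace_id == user_id + d for >= threshold of pairs, else None."""
    if len(pairs) < 2:
        return None  # one pair cannot establish a pattern
    counts = Counter(ws - uid for uid, ws in pairs)
    offset, hits = counts.most_common(1)[0]
    return offset if hits / len(pairs) >= threshold else None


class WorkspaceIdAllocator:
    """Hypothetical allocator: workspace IDs come from a CSPRNG, not from the user ID."""

    def __init__(self):
        self._used = set()  # stands in for a unique constraint in the datastore

    def new_id(self):
        while True:
            candidate = secrets.randbits(63)  # fits a signed 64-bit column
            if candidate and candidate not in self._used:
                self._used.add(candidate)
                return candidate


def audit(pairs):
    """Summarise whether the sampled IDs are related by a fixed offset."""
    offset = predictable_offset(pairs)
    return "unrelated" if offset is None else f"workspace_id = user_id + {offset}"


if __name__ == "__main__":
    print(audit(SEQUENTIAL_PAIRS))
    alloc = WorkspaceIdAllocator()
    print(audit([(uid, alloc.new_id()) for uid, _ in SEQUENTIAL_PAIRS]))
```

Unpredictable IDs do not replace a per-request authorization check on workspace access; they only remove the inference described in this report.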

Note

A valid API key is required.