Default Workspace ID is same as the User ID increased by 1
July 23, 2020
|Asset||API Base Endpoint v1|
|Reported at||July 13, 2020|
|Weakness||CWE 341 - Predictable from Observable State|
Default Workspace ID is the same as the User ID increased by 1, which enables an attacker to conclude the default Workspace ID just by knowing User ID.
Impact - User ID can be obtained when inviting the user. From there, an attacker could potentially use other exploits to get sensitive data.
Step by step - Scenario
- Compare the User ID and Workspace ID from request and response.
User ID and default Workspace ID should not be related.
A valid API key is required.