Default Workspace ID is the same as the User ID increased by 1
State | Resolved July 23, 2020 |
Issue ID | 7Yd7iM9Vs |
Asset | API Base Endpoint v1 |
Bounty | $100 |
Reported at | July 13, 2020 |
Reporter | Undisclosed |
Severity | Low |
Visibility | Complete |
Weakness | CWE 341 - Predictable from Observable State |
Description
The default Workspace ID is the same as the User ID increased by 1, so an attacker who knows a User ID can derive that user's default Workspace ID.
Impact - The User ID can be obtained when inviting the user. From there, an attacker could potentially use other exploits to get sensitive data.
Step by step - Scenario
- Compare the User ID and Workspace ID from the request and response.
Expected
User ID and default Workspace ID should not be related.
Note
A valid API key is required.
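A regression check for the "Expected" condition above, as an added example that is not code from the report or from the affected product: it flags a fixed offset between user IDs and default workspace IDs and shows an allocator that keeps the two unrelated. The sample pairs, `dominant_offset` and `new_account_ids` are constructed or hypothetical names, and the 0.9 threshold is an assumption.

```python
import secrets
from collections import Counter

# Constructed sample of (user_id, default_workspace_id) pairs, shaped like
# the behaviour in this report. These are not real identifiers.
CONSTRUCTED_PAIRS = [(37, 38), (1041, 1042), (2210, 2211), (90551, 90552)]


def dominant_offset(pairs, threshold=0.9):
    """Return d when workspace_id - user_id == d for at least `threshold`
    of the integer pairs, otherwise None. Needs two or more pairs."""
    numeric = [(u, w) for u, w in pairs
               if isinstance(u, int) and isinstance(w, int)]
    if len(numeric) < 2:
        return None  # one pair cannot show a pattern
    offset, count = Counter(w - u for u, w in numeric).most_common(1)[0]
    return offset if count / len(numeric) >= threshold else None


def new_account_ids():
    """Hypothetical allocator: user and workspace IDs are drawn
    independently from the OS CSPRNG, so neither reveals the other."""
    return secrets.randbits(63), secrets.randbits(63)


if __name__ == "__main__":
    print("reported shape :", dominant_offset(CONSTRUCTED_PAIRS))
    fresh = [new_account_ids() for _ in range(50)]
    print("independent IDs:", dominant_offset(fresh))
```

Run `dominant_offset` over a sample of stored rows as a regression check; unrelated IDs complement, and do not replace, per-request authorization on the workspace.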