How to find a server security misconfiguration that leaks user data


Eslam Omar

Hello hackers, in this writeup I’ll share an interesting bug in a private program.

After registering on the website and logging in to my account to start my test, I found an interesting endpoint. This endpoint returns some information about the account user, like phone number, email, etc.

Okay, in this case I tried logging out of my account and visiting this endpoint, which gave me a message like this.

This endpoint needs an access token to return information about my account. When I intercepted a request to see the response, I didn't find any interesting header, so I asked myself why the web application needs this endpoint.

After asking this question, I thought this website caches this information but hides it.

So I tried sending some requests via Intruder in Burp Suite to this endpoint without an access token, and to my surprise the endpoint returned information for random users.

Okay, when I saw that, I tried sending a request from another browser, Firefox; it did not return any information and said an access token was needed.

What does that mean?

This means a misconfiguration on the server: sending requests to this endpoint via Google Chrome returned cached information for random users, but doing the same via Firefox did not work.
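The behaviour above is what happens when a shared cache in front of an authenticated endpoint stores a per-user response and replays it to the next caller of the same path. The following Python model is an added example, not code from the write-up or from the affected program: the endpoint paths, tokens and account records are constructed, and the write-up does not say why the result differed between browsers, so the model does not try to reproduce that part. It shows a cache that keys on the path alone beside one that honours `Cache-Control: no-store` / `private` and keys variants on the headers named in `Vary`, plus the header check a defender would run against an authenticated response.

```python
"""Toy shared response cache in front of an account-info endpoint.

Constructed example: paths, tokens and account records are invented for
illustration and are not from the original write-up.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed backing store: access token -> account record.
ACCOUNTS = {
    "tok-alice": {"name": "Alice", "email": "alice@example.test", "phone": "+1-555-0100"},
    "tok-bob": {"name": "Bob", "email": "bob@example.test", "phone": "+1-555-0101"},
}


@dataclass
class Response:
    status: int
    body: Dict[str, str]
    headers: Dict[str, str] = field(default_factory=dict)


def directives(resp: Response) -> Set[str]:
    """Lower-cased Cache-Control directives of a response (empty set if absent)."""
    return {d.strip().lower() for d in resp.headers.get("Cache-Control", "").split(",") if d.strip()}


def origin(path: str, headers: Dict[str, str]) -> Response:
    """Origin server: /api/account is per-user and says so via Cache-Control;
    /api/public is genuinely shareable."""
    if path == "/api/public":
        return Response(200, {"status": "ok"}, {"Cache-Control": "public, max-age=60"})
    if path != "/api/account":
        return Response(404, {"error": "not found"}, {"Cache-Control": "no-store"})
    token = headers.get("Authorization", "").removeprefix("Bearer ").strip()
    if token not in ACCOUNTS:
        return Response(401, {"error": "access token required"}, {"Cache-Control": "no-store"})
    return Response(200, dict(ACCOUNTS[token]),
                    {"Cache-Control": "private, no-store", "Vary": "Authorization"})


class VulnerableCache:
    """Stores every 200 under the path alone and ignores Cache-Control, so the
    first authenticated answer is replayed to every later caller of that path,
    including one without a token."""

    def __init__(self) -> None:
        self.store: Dict[str, Response] = {}

    def fetch(self, path: str, headers: Dict[str, str]) -> Response:
        if path in self.store:
            return self.store[path]
        resp = origin(path, headers)
        if resp.status == 200:
            self.store[path] = resp
        return resp


class HardenedCache:
    """Refuses to store no-store / private responses and keys the rest on the
    request headers named in Vary, so no per-user body is ever shared."""

    def __init__(self) -> None:
        # path -> (Vary header value, {variant key -> response})
        self.store: Dict[str, Tuple[str, Dict[Tuple, Response]]] = {}

    @staticmethod
    def _variant_key(headers: Dict[str, str], vary: str) -> Tuple:
        names = [n.strip() for n in vary.split(",") if n.strip()]
        return tuple((n, headers.get(n, "")) for n in names)

    def fetch(self, path: str, headers: Dict[str, str]) -> Response:
        entry = self.store.get(path)
        if entry is not None:
            vary, variants = entry
            hit = variants.get(self._variant_key(headers, vary))
            if hit is not None:
                return hit
        resp = origin(path, headers)
        if resp.status == 200 and not (directives(resp) & {"no-store", "private"}):
            vary = resp.headers.get("Vary", "")
            if path not in self.store:
                self.store[path] = (vary, {})
            self.store[path][1][self._variant_key(headers, vary)] = resp
        return resp


def audit_cacheability(resp: Response) -> List[str]:
    """Defender-side check for a 200 returned to an authenticated, per-user
    request: it must carry a directive that keeps it out of shared caches."""
    findings: List[str] = []
    if resp.status == 200 and not (directives(resp) & {"no-store", "private"}):
        findings.append("per-user 200 response lacks Cache-Control: no-store or private")
    return findings


def leak_check(cache) -> Tuple[int, str]:
    """Alice authenticates first; an unauthenticated caller then hits the same
    path. Returns (status, email) as seen by the unauthenticated caller."""
    cache.fetch("/api/account", {"Authorization": "Bearer tok-alice"})
    anon = cache.fetch("/api/account", {})
    return anon.status, anon.body.get("email", "")


if __name__ == "__main__":
    print("vulnerable cache:", leak_check(VulnerableCache()))  # (200, 'alice@example.test')
    print("hardened cache:  ", leak_check(HardenedCache()))    # (401, '')
```

The same `audit_cacheability` logic, applied to the real response of an authenticated request with a tool like Burp, is the quick triage step: a per-user 200 without `no-store` or `private` is a candidate for exactly the leak described here, and the fix belongs on the origin and the cache together, not in the browser.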

Impact

The impact of the described vulnerability can be significant and can manifest in several ways:

Privacy Breach: The exposure of random user data to unauthorized individuals can result in a severe breach of privacy. Personal information, such as names, email addresses, or profile details, may be revealed to unintended parties. This breach of privacy can lead to reputational damage for the affected users and the organization responsible for the endpoint.

Identity Theft: The availability of diverse user data allows attackers to gather information about multiple individuals. With this data, they can potentially orchestrate identity theft attacks, where they impersonate users or use the acquired information for fraudulent activities. Identity theft can lead to financial losses, damage to personal reputation, and legal issues for the affected users.

Exploitation for Targeted Attacks: Attackers can leverage the exposed random user data to gain insights into users’ profiles and preferences. This information can be exploited to launch targeted attacks, such as spear-phishing campaigns or social engineering attempts. By tailoring their attacks to specific individuals, attackers increase their chances of success.


After that, I wrote a report about this and included these impacts in it. After two days I received mail that the report was resolved but was a duplicate.

In summary, always check everything and don't trust any response from the server.

Thanks for reading.
