IDOR: User Information Disclosure


Aswin Thambi Panikulangara

In a recent security assessment of a cryptocurrency platform's API, a vulnerability was discovered that exposes user information through two API endpoints. This vulnerability could allow attackers to obtain detailed personal information about users, including order details and payment information, without proper authorization. This article provides an overview of the identified vulnerability, its implications, and recommended mitigation strategies.

Vulnerability Overview

Affected Endpoints

Endpoint 1: GET /api/v1/redacted1/active

Endpoint 2: GET /api/v1/redacted1/item/:ID/:key

The vulnerability arises from the lack of appropriate authentication and authorization checks on the aforementioned endpoints, which expose sensitive user data to unauthorized access.

Endpoint 1 (/api/v1/redacted1/active):

This endpoint returns sensitive information about a user's latest orders, including order IDs and public keys. Access to this data should be restricted, but it is currently available to anyone without authentication.
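To make the missing checks concrete, here is an added illustration (not code from the platform or the author) modelling the two endpoints above as plain functions: the unauthenticated pattern the article describes beside a hardened version that authenticates the caller, restricts order lookups to the caller's own orders, and compares the per-order key in constant time. The order records, user names and keys are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional
import hmac

@dataclass(frozen=True)
class Order:
    order_id: str
    owner: str          # account that placed the order (assumed field)
    public_key: str     # per-order key, as in /item/:ID/:key
    payment_info: str   # the sensitive field the endpoints were leaking

# Constructed sample data standing in for the platform's order store.
ORDERS = {
    "1001": Order("1001", "alice", "pk-alice-1", "card ending 4242"),
    "1002": Order("1002", "bob", "pk-bob-7", "card ending 9999"),
}

class Forbidden(Exception):
    """Raised when a request fails authentication or authorization."""

def get_item_vulnerable(order_id: str, key: str) -> dict:
    """The pattern the article describes: whoever supplies an ID and key
    receives the record; there is no check that the caller is logged in
    or owns the order, so any user can read any other user's data."""
    order = ORDERS[order_id]
    return {"id": order.order_id, "payment": order.payment_info}

def get_item_secure(session_user: Optional[str], order_id: str, key: str) -> dict:
    """Hardened handler (assumed design): require a session, then authorize
    by ownership and check the key in constant time. Both failures return
    the same error so the response does not reveal whether an ID exists."""
    if session_user is None:
        raise Forbidden("authentication required")
    order = ORDERS.get(order_id)
    if order is None or order.owner != session_user:
        raise Forbidden("not found")
    if not hmac.compare_digest(order.public_key, key):
        raise Forbidden("not found")
    return {"id": order.order_id, "payment": order.payment_info}

def active_orders_secure(session_user: Optional[str]) -> list:
    """Hardened /active: list only the authenticated caller's own orders,
    instead of every user's latest orders with no login required."""
    if session_user is None:
        raise Forbidden("authentication required")
    return [{"id": o.order_id, "public_key": o.public_key}
            for o in ORDERS.values() if o.owner == session_user]
```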

Endpoint 2 (/api/v1/redacted/item/:ID/:PublicKey):
