According to Gokuleswaran, a Cyber Security Analyst, the vulnerability allowed unauthorized users to access private KYC records by exploiting a flaw in the portal’s URL structure. This breach exemplifies how IDOR vulnerabilities can lead to horizontal privilege escalation, where attackers gain access to other users’ data without proper authorization checks. As India transitions towards digital governance, robust security protocols must be prioritized to safeguard public trust and prevent large-scale data breaches. This breach highlights the critical need for robust security measures in government-operated digital platforms, especially those handling sensitive personal information like Aadhaar and PAN details. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. By incrementing the document_id value (e.g., changing 125678 to 125679), attackers could access other users’ KYC records without authentication or authorization. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. It recommends using secure tokens instead of direct references in URLs and conducting regular security audits to detect weaknesses. IDOR vulnerabilities occur when applications fail to enforce proper access controls on user-supplied parameters. CERT-In has acknowledged the issue and issued advisories emphasizing secure coding practices to prevent IDOR vulnerabilities. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Feb 2025 09:45:11 +0000