Task Description
Report Summary: I discovered a potential security issue where sensitive data is accessible via a URL archived by the Wayback Machine. The URL exposes an invoice containing personal and financial information, which could be misused if accessed by unauthorized individuals.
Details of the Issue:
1. Source of URL: Wayback Machine (Internet Archive)
2. URL: https://admin.alwaysdata.com/billing/337102/pdf/?user_id=150041&token=1657692793-a13e927142b2d5d7f427
3. Exposed Data:
   - Personal Information: Name (Simon Amour), email address (simondiligues@outlook.com).
   - Financial Information: Invoice amount (€100.00), bank account details (IBAN: FR76 1027 8060 4100 0205 8810 110, BIC: CMCIFR2A).
   - Service Details: Public Cloud service (10 GB) for the period 13/07/2022 to 27/07/2023.
   - Reference Numbers: Invoice reference (220713337102), user ID (150041), and token (1657692793-a13e927142b2d5d7f427).
Steps to Reproduce:
1. Access the URL via the Wayback Machine.
2. The PDF invoice containing sensitive data is directly accessible without additional authentication.
Impact: This issue could lead to unauthorized access to sensitive personal and financial information, potentially resulting in identity theft, financial fraud, or other malicious activities. The fact that this data is archived on a public service like the Wayback Machine increases the risk of exposure.
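
One way to make a leaked or archived invoice link useless to anyone but its owner, shown as an added example (not part of the original report and not alwaysdata's code): the link token is an HMAC over the user ID, invoice ID and an expiry time, and the download is refused unless the request also comes from the logged-in owner. The function names, key, TTL and IDs are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
LINK_TTL = 15 * 60                    # assumption: links stay valid for 15 minutes


def _mac(user_id, invoice_id, expires):
    """HMAC-SHA256 over everything the link is supposed to be bound to."""
    msg = f"{user_id}:{invoice_id}:{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def sign_invoice_link(user_id, invoice_id, now=None):
    """Return the value of the token query parameter: '<expiry>-<mac>'."""
    issued = int(time.time() if now is None else now)
    expires = issued + LINK_TTL
    return f"{expires}-{_mac(user_id, invoice_id, expires)}"


def may_download(session_user_id, user_id, invoice_id, token, now=None):
    """Decide whether the invoice PDF may be served for this request."""
    now = int(time.time() if now is None else now)
    # 1. The URL token alone is never sufficient: the requester must be
    #    authenticated as the invoice owner, so an archived copy of the
    #    link opened by an anonymous visitor is rejected here.
    if session_user_id is None or session_user_id != user_id:
        return False
    expires_str, _, mac = token.partition("-")
    if not (expires_str.isascii() and expires_str.isdigit()) or not mac.isascii():
        return False
    # 2. Recompute the MAC; any change to IDs or expiry invalidates it.
    expected = _mac(user_id, invoice_id, expires_str)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False
    # 3. Links stop working after the TTL, whatever has cached them.
    return now <= int(expires_str)
```

Serving the PDF with `Cache-Control: no-store` additionally keeps intermediaries from retaining the response body.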