Saurabh's Blog

High Severity Flaw in NVIDIA GPU Display Driver

Published 3 months ago | 5 min read | 4 comments
Image Credit: www.technadu.com (TechNadu)

Payment platforms play a critical role in an e-commerce workflow. The data they handle includes credit card details, bank account numbers, SSNs, email IDs, contact numbers, addresses and so on. It is therefore of utmost importance to secure the payment platform.

Insights

On February 6, 2020, NordVPN disclosed a patched security flaw in its payment platform. NordVPN is part of the HackerOne bug bounty program, and it disclosed the flaw after a security researcher reported it on HackerOne. The vulnerability is rated as severe, with a score of 7-8.9/10 according to HackerOne. In short, the vulnerability allowed user data to be viewed without any authentication: a straightforward HTTP POST request to the NordVPN payments API returned a response containing sensitive user information, with no authentication required. The user data could be easily enumerated by changing the values of id and user_id. Hackers could take advantage of this flaw with a script that enumerates user_id values and sends a large number of HTTP POST requests to the vulnerable API; the API would send a positive response for each valid user_id.
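The flaw described above comes down to an endpoint that trusts identifiers in the request body instead of an authenticated session. The sketch below is an added example, not NordVPN's code and not taken from the HackerOne report: a simplified model of that pattern beside a hardened handler. All function names, records and tokens are constructed, and the way id and user_id relate to each other is an assumption.

```python
# Added example: hypothetical names, constructed data. Not NordVPN's code.

# Constructed sample store: payment records keyed by record id.
PAYMENTS = {
    101: {"user_id": 7, "email": "alice@example.com", "amount": "11.95"},
    102: {"user_id": 8, "email": "bob@example.com", "amount": "83.88"},
}
# Constructed session table: bearer token -> authenticated user id.
SESSIONS = {"tok-alice": 7, "tok-bob": 8}


def authenticate(token):
    """Return the user id bound to a session token, or None."""
    return SESSIONS.get(token) if isinstance(token, str) else None


def vulnerable_lookup(body):
    """Flawed pattern (assumed model): trusts id and user_id from the body."""
    rec = PAYMENTS.get(body.get("id"))
    if rec and rec["user_id"] == body.get("user_id"):
        return 200, rec      # no session check: any caller gets the record
    return 404, None         # differing status confirms which values exist


def hardened_lookup(token, body):
    """Authenticate first, then authorize against the record's owner."""
    caller = authenticate(token)
    if caller is None:
        return 401, None     # no valid session, no lookup at all
    rec_id = body.get("id")
    if not isinstance(rec_id, int):
        return 400, None     # reject malformed identifiers early
    rec = PAYMENTS.get(rec_id)
    # The owner comes from the session, never from the request body.
    # A missing record and another user's record both return 404, so
    # the response cannot be used to confirm which ids exist.
    if rec is None or rec["user_id"] != caller:
        return 404, None
    # Return only the fields the caller needs.
    return 200, {"email": rec["email"], "amount": rec["amount"]}
```

In the hardened handler a user_id supplied in the body is ignored entirely, which is the property to test for when reviewing an API of this kind.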

Conclusion

This security bug, addressed by NordVPN on HackerOne, clearly affects two elements of the CIA triad: confidentiality and integrity. Confidentiality is compromised when user information is exposed through the vulnerable API. Integrity of the data is compromised since the potential attacker has access to the data and can modify it at will.

References

  1. NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data