CyberIC Platform
Check Point CloudGuard
KATIM Secure Communications / Digital14 Cyber Defense
Subtotal: $110 . 000 , 00
Preventing unauthorized access of sensitive supplier data by mitigating an IDOR
vulnerability in the Supplier Registration Portal of a vendor for a real estate major
CloudSEK SVigil discovered an Insecure Direct Object Reference (IDOR)
vulnerability on the Supplier Registration Portal of a vendor for a major real estate
company. This vulnerability allowed authenticated users to manipulate query
parameters and access unauthorized data, including confidential documents such as
company profiles, trade licenses, and NDAs.
It also exposed sensitive information, including Personally Identifiable Information
(PII) and critical business documents related to supplier operations.
The vulnerabilities allowed unauthorized access to Personally Identifiable
Information (PII) and confidential documents. Exposure of documents without
adequate authentication protocols increased the risk of identity theft and fraudulent
activities.
The security breach jeopardized the company’s reputation and relationships with
suppliers, potentially impacting operational efficiency and growth.
CloudSEK SVigil promptly identified and addressed the IDOR vulnerability in the
vendor’s system, ensuring that sensitive data was protected and access was
restricted.
CloudSEK SVigil discovered the compromised credentials associated with the HR
portal.
• The compromised credentials could allow threat actors to gain unauthorized access to the ticketing dashboard, potentially exposing sensitive data and internal infrastructure.
• The analysis revealed that attackers could use the admin access to reset passwords, access support tickets, and manipulate employee data.
• Invalidate the compromised credentials and notify the affected employee about the breach
• Secure the HR portal by implementing stronger authentication and access controls
• Conduct a thorough review of the affected systems to identify and secure any additional vulnerabilities
• Conduct regular security audits and code reviews to ensure ongoing protection.
• Strengthen security policies and educate employees on best practices for handling sensitive information.
• Implement multi-factor authentication (MFA) and secure storage solutions for credentials.
