US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’
July 31, 2023


U.S. and Australian government cybersecurity agencies are warning that common and easily exploitable security vulnerabilities in websites and web apps can be abused to carry out large-scale data breaches.

In a joint advisory published Thursday, U.S. cybersecurity agency CISA, the National Security Agency and the Australian Cyber Security Centre said that the vulnerabilities, known as insecure direct object references (IDORs), allow malicious hackers to access or modify sensitive data on an organization’s servers because of a lack of proper security checks.

An IDOR vulnerability is like having a key to your mailbox, but that key also allows you to unlock every other mailbox on your street. IDORs can be particularly problematic because, like a row of mailboxes, a bad actor can exploit them sequentially one after the other and access data that they should not be allowed to.

Because these vulnerabilities can often be exploited by enumeration, IDORs can be abused ‘at scale’ using automated tools, the advisory warns.

The joint advisory notes that IDORs have resulted in major data breaches in the United States and overseas.

In recent years, IDORs have resulted in the exposure of thousands of medical documents by a U.S. laboratory giant, a state government website that spilled thousands of taxpayers’ personal information, a college contact-tracing app that leaked COVID-19 vaccination status and a state-backed health app that allowed access to other people’s vaccination data. IDORs also resulted in the mass data spill of hundreds of millions of U.S. mortgage documents, the exposure of the real-time location data of more than a million vehicles from a flawed GPS tracker and the leak of hundreds of thousands of people’s private phone data stolen by a global stalkerware network.

The joint advisory says developers should ensure their web apps perform authentication and authorization checks to reduce IDORs, and that software is secure-by-design, a principle promoted by CISA that urges software makers to bake in security from the beginning and throughout the software development process.
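As an added illustration (not code from the advisory or the original article), the sketch below puts a lookup that trusts the requested ID next to one that performs the per-object authorization check, and uses a small access test to show the difference. The record store, user names and function names are all hypothetical and the data is constructed.

```python
"""Constructed example: object-level authorization on a document lookup."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


# Constructed sample data with sequential IDs, like the row of mailboxes.
DOCUMENTS = {
    1001: Document(1001, "alice", "alice lab result"),
    1002: Document(1002, "bob", "bob lab result"),
    1003: Document(1003, "carol", "carol lab result"),
}


def get_document_vulnerable(session_user: str, doc_id: int) -> Document:
    # IDOR: the caller is authenticated, but the ID from the request is
    # trusted as-is and never compared against the session user.
    return DOCUMENTS[doc_id]


def get_document_checked(session_user: str, doc_id: int) -> Document:
    doc = DOCUMENTS.get(doc_id)
    # Same error for "missing" and "not yours", so responses do not reveal
    # which IDs exist.
    if doc is None or doc.owner != session_user:
        raise PermissionError(f"{session_user!r} may not read document {doc_id}")
    return doc


def readable_ids(handler, session_user: str) -> list:
    """Authorization regression test: IDs that `handler` serves to the user."""
    allowed = []
    for doc_id in sorted(DOCUMENTS):
        try:
            handler(session_user, doc_id)
            allowed.append(doc_id)
        except (PermissionError, KeyError):
            pass
    return allowed


if __name__ == "__main__":
    print("vulnerable:", readable_ids(get_document_vulnerable, "alice"))
    print("checked:   ", readable_ids(get_document_checked, "alice"))
```

The ownership comparison is keyed on the identity taken from the server-side session, never on a user identifier supplied in the request.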

‘Secure-by-design is a fundamental theme in this advisory. Vendors and developers are encouraged to take appropriate steps to provide products that protect their customers’ sensitive data by design and default,’ said CISA’s Stanley.

Australia’s cyber agency said it continues to observe malicious actors exploiting misconfigured networks.

‘Even a single breach using IDOR vulnerabilities can have a national impact. A malicious actor being able to exfiltrate data could impact critical infrastructure, businesses, government and individuals,’ said Patrick Holmes with the Australian Cyber Security Centre.


Ref: techcrunch
