Dippy Insecure Direct Object Reference Vulnerability Allowing Unauthorized Access to Conversation Histories
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Dippy (chat.dippy.ai) version 2. This vulnerability allows attackers to access sensitive information by manipulating the conversation_id parameter when requesting data from the conversation_history endpoint. The issue arises because the server does not properly enforce ownership or sharing status of conversation histories, enabling unauthorized access to other users' chats by brute-forcing predictable conversation IDs.
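The missing ownership and sharing check described above, shown next to a handler that enforces it. This is an added example, not Dippy's code: the data model, the user names, the ids and every function name are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Conversation:
    owner_id: str
    messages: list
    shared_with: set = field(default_factory=set)  # users granted access
    public: bool = False                           # owner enabled sharing

# Constructed sample data: users and sequential ids are hypothetical.
STORE = {
    "1001": Conversation("alice", ["private note"]),
    "1002": Conversation("bob", ["hello"], shared_with={"alice"}),
    "1003": Conversation("carol", ["demo chat"], public=True),
}

def history_vulnerable(requester_id, conversation_id):
    # The flaw the advisory describes: the caller is authenticated, but the
    # record is looked up by id alone and requester_id is never consulted.
    conv = STORE.get(conversation_id)
    return (200, conv.messages) if conv else (404, None)

def can_read(requester_id, conv):
    # Ownership or sharing status, the two conditions the advisory names.
    return (conv.owner_id == requester_id
            or requester_id in conv.shared_with
            or conv.public)

def history_checked(requester_id, conversation_id):
    conv = STORE.get(conversation_id)
    # Same 404 for "missing" and "not yours", so responses do not confirm
    # which ids exist.
    if conv is None or not can_read(requester_id, conv):
        return (404, None)
    return (200, conv.messages)

def new_conversation_id():
    # Unpredictable ids are defence in depth only; the authorization check
    # above remains the primary control.
    return secrets.token_urlsafe(16)

def leaks(handler, users=("alice", "bob", "carol", "mallory")):
    """Regression check: (user, id) pairs the handler served against policy."""
    return [(u, cid) for u in users for cid, conv in STORE.items()
            if handler(u, cid)[0] == 200 and not can_read(u, conv)]

if __name__ == "__main__":
    print(leaks(history_vulnerable), leaks(history_checked))
```

Running `leaks` over every user and conversation pair in a test suite catches a handler that regresses to id-only lookup.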
Impact
Exploitation of this vulnerability allows for unauthorized access to and modification of other users' conversation histories on the Dippy platform.
Reproduction
To reproduce this vulnerability, send a GET request to the conversation_history endpoint with an Authorization header. Include a conversation_id that has been brute-forced. The response will contain the conversation history associated with the manipulated conversation_id, demonstrating unauthorized access to another user's chat history.
