AutoBizLine MySecondLine App Incorrect Access Control Vulnerability Allowing Unauthorized User Data Access and Account Hijacking

Vulnerability

An authorization bypass vulnerability has been identified in the AutoBizLine MySecondLine app, version 1.2.91. The issue arises from an incomplete verification mechanism in the application's user profile information retrieval endpoint: the token presented with a request is only checked as far as its first character against the account's real token. This flaw allows attackers to log in as other users and gain unauthorized access to their personal information. Exploitation involves altering the email field in a request and supplying a token that matches only the first character of the actual token, which bypasses authentication and exposes sensitive user data.

Impact

Exploitation of this vulnerability exposes personal user data, allows unauthorized access to user accounts, and facilitates account hijacking.

Reproduction

To reproduce this vulnerability, launch the MySecondLine app and capture network traffic. Send a request to the 'get_user' endpoint for your own account to obtain the request format and authorization token. Then, modify the request to target another user's email, replacing the authorization token with a truncated version that only matches the first character of the target user's real token. After sending the modified request, the server will respond with the target user's profile data, confirming unauthorized access.
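The check described above, as an added illustration that is not the app's own code: a prefix-style token comparison accepts a one-character token, while the hardened version verifies the whole token in constant time and resolves the account from the token rather than from the client-supplied email. The user store, token values and profile fields are constructed for the example.

```python
import hmac

# Constructed sample store (not real app data): email -> (session token, profile).
USERS = {
    "alice@example.com": ("tok_a1b2c3d4e5f6", {"name": "Alice", "phone": "555-0100"}),
    "bob@example.com":   ("tok_z9y8x7w6v5u4", {"name": "Bob",   "phone": "555-0199"}),
}


def get_user_vulnerable(requested_email, token):
    """Illustrative reconstruction of the flaw class.

    The account is chosen from the client-supplied email, and the token is
    accepted if it merely matches the *start* of that account's real token.
    A one-character (or empty) token therefore passes for any account.
    """
    record = USERS.get(requested_email)
    if record is None:
        return None
    real_token, profile = record
    if not real_token.startswith(token):   # partial match is enough -> the bug
        return None
    return profile


def get_user_fixed(requested_email, token):
    """Hardened handler.

    1. Identity comes from the token, never from the email in the request.
    2. The token is compared in full and in constant time (hmac.compare_digest
       returns False for any length mismatch, so a prefix can never match).
    3. The profile is returned only if the authenticated owner is the account
       the request asked for.
    """
    owner = None
    token_bytes = token.encode("utf-8")
    for email, (real_token, _) in USERS.items():
        # Scan all records so timing does not reveal which email exists;
        # a production service would look the session up by token hash.
        if hmac.compare_digest(token_bytes, real_token.encode("utf-8")):
            owner = email
    if owner is None or owner != requested_email:
        return None   # unauthenticated, or requesting someone else's profile
    return USERS[owner][1]
```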

Added: Oct 21, 2025, 4:18 PM
Updated: Oct 21, 2025, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 7.3
remediation: 0.0
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.