ON24 Authorization Bypass Vulnerability in Q&A Chat Allowing Data Enumeration
Vulnerability
A vulnerability has been identified in the ON24 engagement platform's Q&A chat feature, specifically within the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. This vulnerability allows for authorization bypass through user-controlled keys, enabling unauthenticated attackers to enumerate event IDs and access the complete Q&A history. The exposed data may contain sensitive information such as IDs, private URLs, messages, internal references, and other details meant for authenticated users only. Furthermore, the leaked content could be used to conduct reconnaissance for lateral movement, exploit related systems, or gain unauthorized access to internal applications mentioned in chat messages.
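The following added example (not part of the original advisory and not ON24 code) shows one way to look for this enumeration pattern in web access logs: it flags clients that received successful responses from the answer endpoint for many different event IDs. The Common Log Format layout, the threshold of five distinct events, and all sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Path shape taken from the advisory:
#   console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/
ANSWER_PATH = re.compile(
    r"/console-survey/api/v1/answer/(?P<event>[^/\s?]+)/(?P<ts>[^/\s?]+)/?")

# Assumed log layout (Common Log Format, not a documented ON24 format):
#   ip - user [time] "METHOD path PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def find_enumerators(lines, min_distinct_events=5):
    """Return {client_ip: sorted event IDs} for clients that got 2xx answers
    for at least `min_distinct_events` different event IDs."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or the server refused the request
        p = ANSWER_PATH.search(m["path"])
        if p:
            seen[m["ip"]].add(p["event"])
    return {ip: sorted(ev) for ip, ev in seen.items()
            if len(ev) >= min_distinct_events}


# Constructed sample: one client walks six event IDs, a second client polls a
# single event repeatedly, and a third request is rejected with 403.
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/Jan/2025:10:00:0{i} +0000] '
    f'"GET /console-survey/api/v1/answer/100000{i}/1735725600000/ HTTP/1.1" 200 5120'
    for i in range(1, 7)
] + [
    f'203.0.113.20 - - [01/Jan/2025:10:01:0{i} +0000] '
    f'"GET /console-survey/api/v1/answer/1000003/173572566{i}000/ HTTP/1.1" 200 640'
    for i in range(1, 4)
] + [
    '203.0.113.99 - - [01/Jan/2025:10:02:00 +0000] '
    '"GET /console-survey/api/v1/answer/1000009/1735725600000/ HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for ip, events in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip} read Q&A answers for {len(events)} distinct events: {events}")
```

Counting distinct event IDs per client, rather than raw request volume, keeps a legitimate attendee who polls one event's Q&A from being flagged.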
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive Q&A chat data, including private messages and internal references, which could be used to facilitate further malicious activities such as lateral movement or exploitation of related systems.
