In OpenCPN, each exported route is accessible via a predictable, incrementing numeric ID in the URL. An attacker who obtains or guesses a single valid export link can enumerate other users’ private routes by incrementing or decrementing the numeric value in the path. This exposes sensitive geographic data, potentially revealing personal addresses, travel patterns, and other private information. Proper access control validation and the use of non-guessable, cryptographically secure identifiers (e.g., UUIDs) should be added.
For example, changing 101277 in the URL to 101273 reveals routes for both users:
https://www.gpsnauticalcharts.com/main/marine-activity-logbook-event/101277/marine-chart-log-event-for-
https://www.gpsnauticalcharts.com/main/marine-activity-logbook-event/101273/marine-chart-log-event-for-
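A server-side sketch of the recommended fix, added here as an illustration and not taken from OpenCPN or the site's code: the weak lookup by sequential ID beside a hardened lookup that uses a random token and checks the requester. `RouteStore`, its method names, the `shared` flag and the sample values are assumptions.

```python
import secrets


class RouteStore:
    """In-memory stand-in for a route export backend (hypothetical)."""

    def __init__(self):
        self._next_id = 1000      # constructed starting value for the counter
        self._by_seq = {}         # sequential id -> record (weak design)
        self._by_token = {}       # random token -> record (hardened design)

    def create(self, owner, gpx, shared=False):
        rec = {
            "owner": owner,
            "gpx": gpx,
            "shared": shared,     # owner explicitly opted in to link sharing
            "seq": self._next_id,
            # 16 random bytes (128 bits) from the OS CSPRNG, URL-safe encoded.
            "token": secrets.token_urlsafe(16),
        }
        self._next_id += 1
        self._by_seq[rec["seq"]] = rec
        self._by_token[rec["token"]] = rec
        return rec

    def export_weak(self, seq_id):
        # Weak: the number in the URL is the only thing checked, so a
        # neighbouring number returns a different user's route.
        rec = self._by_seq.get(seq_id)
        return rec["gpx"] if rec else None

    def export_hardened(self, token, requester):
        # Hardened: non-guessable identifier AND an authorization check.
        rec = self._by_token.get(token)
        if rec is None:
            return None
        if rec["owner"] != requester and not rec["shared"]:
            # Same result as "not found", so the response does not
            # confirm that the token exists.
            return None
        return rec["gpx"]
```

The random token only makes identifiers hard to guess; the ownership check is what still protects a route once its link has leaked.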