WordPress Users/Admin’s Information Exposure | Bounty: $100
In today’s digitally interconnected world, safeguarding sensitive information is paramount. As a dedicated advocate for online security, I came across a critical security vulnerability that exposed user data. In this blog post, I walk through the experience, from uncovering the vulnerability to its responsible disclosure, and why it underscores the importance of protecting user data.
The Unforeseen Discovery:
It began unexpectedly while I was exploring the website of Registered Agents, Inc. There I stumbled upon a vulnerability that exposed sensitive user information: it allowed unauthenticated access to admin and author account details, information that malicious actors could exploit.
Exposing the Vulnerability:
The security gap lay in a specific WordPress REST API endpoint: https://www.redicted.com/wp-json/wp/v2/users. A simple unauthenticated GET request to this endpoint returned user data, including user IDs, usernames (slugs), author profile links, and avatars. This flaw was far from trivial, as the exposed information could be leveraged for various nefarious purposes.
Responsible Disclosure in Practice:
With the vulnerability confirmed, I recognized the importance of responsible disclosure and promptly reported the issue to the website administrators through HackerOne, a reputable platform that facilitates communication between security researchers and organizations so that security concerns can be addressed.
Resolution and Protective Measures:
I’m thrilled to report that Registered Agents, Inc. responded promptly and responsibly. They implemented a solution that restricted access to the vulnerable API route, so unauthorized individuals could no longer retrieve the information. This proactive response not only mitigated the risk but also strengthened the security of user data.
Understanding the Significance:
It is worth underlining the potential repercussions of this vulnerability. Unauthorized access to user information, especially on a platform dealing with sensitive data, could have led to privacy breaches and identity theft. Responsible disclosure played a pivotal role in averting these outcomes.
The Code Solutions:
Here is the code that was implemented to secure the vulnerable API route:
Code to restrict access to the users’ endpoint (PHP that runs on the site, e.g. from a must-use plugin or the theme’s functions.php):
add_filter( 'rest_endpoints', function( $endpoints ) {
    // Remove the user collection route (/wp-json/wp/v2/users) from the REST route table.
    if ( isset( $endpoints['/wp/v2/users'] ) ) {
        unset( $endpoints['/wp/v2/users'] );
    }
    // Remove the single-user route (/wp-json/wp/v2/users/<id>) as well. The array key
    // must match the regex WordPress registers the route under.
    if ( isset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] ) ) {
        unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    }
    // A request to a removed route now gets a 404 "rest_no_route" error, whichever URL
    // form (/wp-json/... or ?rest_route=...) it used. Note that the routes are removed for
    // authenticated users too, and the block editor's author selector uses the same
    // route; gate the unset on ! is_user_logged_in() if editors need it.
    return $endpoints;
} );
Sample User Data Exposed in the Response:
[
  {
    "id": 1,
    "name": "admin",
    "url": "",
    "description": "",
    "link": "https://www.redicted.com/author/admin/",
    "slug": "admin",
    "avatar_urls": {
      "24": "https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=24&d=mm&r=g",
      "48": "https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=48&d=mm&r=g",
      "96": "https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=96&d=mm&r=g"
    },
    "meta": [],
    "yoast_head": "<!-- This site is optimized with the Yoast SEO plugin v18.1 - https://yoast.com/wordpress/plugins/seo/ -->\n<meta name=\"robots\" content=\"noindex, follow\" />\n<meta property=\"og:locale\" content=\"en_US\" />\n<meta property=\"og:type\" content=\"profile\" />\n<meta property=\"og:title\" content=\"admin, Author at Registered Agents, Inc\" />\n<meta property=\"og:url\" content=\"https://www.redicted.com/author/admin/\" />\n<meta property=\"og:site_name\" content=\"Registered Agents, Inc\" />\n<meta property=\"og:image\" content=\"https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=500&d=mm&r=g\" />\n<meta name=\"twitter:card\" content=\"summary\" />\n<script type=\"application/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https://schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https://www.redicted.com/#website\",\"url\":\"https://www.redicted.com/\",\"name\":\"Registered Agents, Inc\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https://www.redicted.com/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ProfilePage\",\"@id\":\"https://www.redicted.com/author/admin/#webpage\",\"url\":\"https://www.redicted.com/author/admin/\",\"name\":\"admin, Author at Registered Agents, Inc\",\"isPartOf\":{\"@id\":\"https://www.redicted.com/#website\"},\"breadcrumb\":{\"@id\":\"https://www.redicted.com/author/admin/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https://www.redicted.com/author/admin/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https://www.redicted.com/author/admin/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https://www.redicted.com/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Archives for admin\"}]},{\"@type\":\"Person\",\"@id\":\"https://www.redicted.com/#/schema/person/f92961eea238b94826072d0a291e534e\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https://www.redicted.com/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=96&d=mm&r=g\",\"contentUrl\":\"https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"mainEntityOfPage\":{\"@id\":\"https://www.redicted.com/author/admin/#webpage\"}}]}</script>\n<!-- / Yoast SEO plugin. -->",
    "yoast_head_json": {
      "robots": {
        "index": "noindex",
        "follow": "follow"
      },
      "og_locale": "en_US",
      "og_type": "profile",
      "og_title": "admin, Author at Registered Agents, Inc",
      "og_url": "https://www.redicted.com/author/admin/",
      "og_site_name": "Registered Agents, Inc",
      "og_image": [
        {
          "url": "https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=500&d=mm&r=g"
        }
      ],
      "twitter_card": "summary",
      "schema": {
        "@context": "https://schema.org",
        "@graph": [
          {
            "@type": "WebSite",
            "@id": "https://www.redicted.com/#website",
            "url": "https://www.redicted.com/",
            "name": "Registered Agents, Inc",
            "description": "",
            "potentialAction": [
              {
                "@type": "SearchAction",
                "target": {
                  "@type": "EntryPoint",
                  "urlTemplate": "https://www.redicted.com/?s={search_term_string}"
                },
                "query-input": "required name=search_term_string"
              }
            ],
            "inLanguage": "en-US"
          },
          {
            "@type": "ProfilePage",
            "@id": "https://www.redicted.com/author/admin/#webpage",
            "url": "https://www.redicted.com/author/admin/",
            "name": "admin, Author at Registered Agents, Inc",
            "isPartOf": {
              "@id": "https://www.redicted.com/#website"
            },
            "breadcrumb": {
              "@id": "https://www.redicted.com/author/admin/#breadcrumb"
            },
            "inLanguage": "en-US",
            "potentialAction": [
              {
                "@type": "ReadAction",
                "target": [
                  "https://www.redicted.com/author/admin/"
                ]
              }
            ]
          },
          {
            "@type": "BreadcrumbList",
            "@id": "https://www.redicted.com/author/admin/#breadcrumb",
            "itemListElement": [
              {
                "@type": "ListItem",
                "position": 1,
                "name": "Home",
                "item": "https://www.redicted.com/"
              },
              {
                "@type": "ListItem",
                "position": 2,
                "name": "Archives for admin"
              }
            ]
          },
          {
            "@type": "Person",
            "@id": "https://www.redicted.com/#/schema/person/f92961eea238b94826072d0a291e534e",
            "name": "admin",
            "image": {
              "@type": "ImageObject",
              "@id": "https://www.redicted.com/#personlogo",
              "inLanguage": "en-US",
              "url": "https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=96&d=mm&r=g",
              "contentUrl": "https://secure.gravatar.com/avatar/bb64da6304f38ff73d0e967391044376?s=96&d=mm&r=g",
              "caption": "admin"
            },
            "mainEntityOfPage": {
              "@id": "https://www.redicted.com/author/admin/#webpage"
            }
          }
        ]
      }
    },
    "_links": {
      "self": [
        {
          "href": "https://www.redicted.com/wp-json/wp/v2/users/1"
        }
      ],
      "collection": [
        {
          "href": "https://www.redicted.com/wp-json/wp/v2/users"
        }
      ]
    }
  }
]
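As an added example (my own code, not the author's or anything Registered Agents, Inc. ships), the Python below does the defender-side work around the endpoint and the sample response above: it lists which account identifiers a response of that shape hands to an anonymous caller, it verifies after a fix that the route no longer serves accounts (WordPress answers a route that has been removed from the route table with a 404 `rest_no_route` error), and it flags requests to the users route in a web-server access log, matching both the `/wp-json/` path form and the `?rest_route=` query form under which WordPress serves the same route. The response bodies, the second account and the log lines are constructed samples, the IP addresses are documentation placeholders, and the log parser assumes the combined log format with WordPress installed at the site root.

```python
import json
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the shape of the users-endpoint response shown above,
# trimmed to the fields a triage cares about (the second account is invented).
SAMPLE_EXPOSED_BODY = json.dumps([
    {"id": 1, "name": "admin", "slug": "admin",
     "link": "https://www.redicted.com/author/admin/"},
    {"id": 7, "name": "Jane Editor", "slug": "jane",
     "link": "https://www.redicted.com/author/jane/"},
])

# Constructed sample: what WordPress returns once the route has been removed
# from the REST route table (a WP_Error with code rest_no_route, HTTP 404).
SAMPLE_BLOCKED_BODY = json.dumps({
    "code": "rest_no_route",
    "message": "No route was found matching the URL and request method.",
    "data": {"status": 404},
})

# Constructed access-log lines (combined log format, placeholder IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 5123 "-" "curl/8.1.2"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 5123 "-" "curl/8.1.2"',
    '198.51.100.4 - - [10/Oct/2023:14:02:11 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [11/Oct/2023:09:00:01 +0000] "GET /wp-json/wp/v2/users/1 HTTP/1.1" 404 112 "-" "curl/8.1.2"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# The users collection route and the single-user route (/wp/v2/users/<id>).
USERS_ROUTE = re.compile(r"^/wp/v2/users(?:/\d+)?/?$")


def extract_exposed_accounts(body: str) -> List[Dict]:
    """Return what an anonymous caller learns from a users-endpoint response:
    numeric id, slug, display name and author-archive link per account.
    Returns [] when the body is not a user list (e.g. the 404 error object)."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return []
    if not isinstance(data, list):
        return []
    return [
        {k: u.get(k) for k in ("id", "slug", "name", "link")}
        for u in data
        if isinstance(u, dict) and "slug" in u
    ]


def endpoint_is_exposed(status: int, body: str) -> bool:
    """Post-fix check: True if the route still serves accounts to an
    unauthenticated client. The expected answer after the fix is a 404."""
    return status == 200 and len(extract_exposed_accounts(body)) > 0


def rest_route_of(target: str) -> Optional[str]:
    """Map a request target to its REST route, or None for non-REST requests.
    Assumes WordPress is installed at the site root."""
    parts = urlsplit(target)
    if parts.path.startswith("/wp-json/"):
        return "/" + parts.path[len("/wp-json/"):]
    rest_route = parse_qs(parts.query).get("rest_route")
    return rest_route[0] if rest_route else None


def detect_user_enumeration(log_lines: Iterable[str]) -> List[Dict]:
    """Flag requests to the users route. A 200 means the site served the
    list; a 404 after the fix is the expected outcome but still worth logging."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        route = rest_route_of(m["target"])
        if route is None or not USERS_ROUTE.match(route):
            continue
        hits.append({"ip": m["ip"], "route": route,
                     "status": int(m["status"]), "served": m["status"] == "200"})
    return hits


if __name__ == "__main__":
    print("exposed before fix:", endpoint_is_exposed(200, SAMPLE_EXPOSED_BODY))
    for acct in extract_exposed_accounts(SAMPLE_EXPOSED_BODY):
        print("  account:", acct)
    print("exposed after fix:", endpoint_is_exposed(404, SAMPLE_BLOCKED_BODY))
    for hit in detect_user_enumeration(SAMPLE_LOG):
        print("  hit:", hit)
```

The log rule deliberately normalises the target to a route before matching, because the `rest_endpoints` filter above acts on the route table and therefore blocks both URL forms, whereas a web-server or WAF rule written only against the `/wp-json/` path would miss the `?rest_route=` form in the logs. The `link` field in the sample response also shows that the author archive URL carries the same slug, so removing the REST route limits bulk listing but is not on its own a complete hiding of usernames.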
In Conclusion:
My journey underscores the profound impact of responsible disclosure in the realm of cybersecurity. By reporting security vulnerabilities, we collectively contribute to a safer digital world for all. The response of Registered Agents, Inc. serves as a prime example of how organizations can proactively address vulnerabilities identified by security researchers.
I extend my heartfelt gratitude to HackerOne and Registered Agents, Inc. for their swift response and effective remediation efforts. Together, we have fortified the security of user data, making the internet a more secure space, one vulnerability at a time.
In a world where cybersecurity threats are ever-present, responsible disclosure is a shared responsibility. If you encounter a security vulnerability, do not hesitate to report it through appropriate channels. Your actions can be pivotal in fortifying the digital realm for everyone.
Remember, we are all guardians of digital security, and together, we can construct a more secure and resilient online universe.