by dredmorbius 1954 days ago
If the ID scheme mapping is sufficiently dense, traversal attacks on otherwise obscured namespaces become an option.

This might apply to user accounts, posts, payment accounts, or other elements.

Security isn't simply about compromising account credentials or access policies. It may be any unintended or unexpected data disclosure, inferred relationships (between accounts, activity, finances, offline attributes, access, reputation, and more), denial of access, stalking or harassment, and more.

These might not be unexpected in all cases, but could well be undesired in many instances.
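
An added example, not part of the comment above: a small audit that measures how dense and how predictable an identifier scheme is, comparing auto-increment IDs with CSPRNG-drawn ones. The function names and the sample ID sets are constructed for illustration.

```python
import secrets

def sequential_ids(count, start=1000):
    """Constructed sample: auto-increment style identifiers."""
    return set(range(start, start + count))

def random_ids(count, bits=128):
    """Constructed sample: identifiers drawn from a CSPRNG."""
    ids = set()
    while len(ids) < count:
        ids.add(secrets.randbits(bits))
    return ids

def density(ids, id_bits):
    """Share of the whole ID space that maps to a real object."""
    return len(ids) / 2 ** id_bits

def expected_guesses_per_hit(ids, id_bits):
    """Mean number of uniform random guesses needed to land on a valid ID."""
    return 2 ** id_bits / len(ids)

def neighbour_hit_rate(ids, window=1):
    """Fraction of issued IDs with another issued ID within +/- window.

    A value near 1.0 means one known ID reveals others by simple counting.
    """
    if not ids:
        return 0.0
    hits = sum(
        1 for i in ids
        if any(i + d in ids or i - d in ids for d in range(1, window + 1))
    )
    return hits / len(ids)

def audit(ids, id_bits, window=1):
    """Summarise how traversable an identifier scheme is."""
    return {
        "density": density(ids, id_bits),
        "guesses_per_hit": expected_guesses_per_hit(ids, id_bits),
        "neighbour_hit_rate": neighbour_hit_rate(ids, window),
    }

if __name__ == "__main__":
    print("sequential:", audit(sequential_ids(10_000), id_bits=32))
    print("random    :", audit(random_ids(10_000), id_bits=128))
```

Sparse identifiers only remove the counting shortcut; each object still needs its own authorization check.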