by ruskyhacker 1286 days ago
Technically I agree - it's just one of those things that quite a few platforms do... It's similar to the eufy stuff circulated about recently. User uploads XYZ, they expect it to be "private" - platform devs decide private == obfuscated via a super long file name (a bit layman, sorry) in some kind of object storage.

While there's definitely a method of securing the access to the uploaded content to those who should have access, it's often not implemented that way since your uploaded content would be statistically improbable to "guess" and even more improbable to tie it back to you.

I came off a little direct, straight up saying it was not a vulnerability without context. While I still stand by it not being a vuln from a sec perspective, it's definitely not great.

1 comments

Part of the issue with Eufy is that they uploaded people’s content even when cloud backup was off. They also had the video stream unencrypted. It accepts an authentication token but never actually enforces it.
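
Added example, not part of either comment above: a Python sketch contrasting the two behaviours discussed in this thread, an object readable by anyone who knows its long random name (with a token parameter that is accepted but never checked) and the same object behind an enforced, expiring, per-user signed link. `STORE`, `SERVER_KEY` and all function names are assumptions made for illustration, and `user` is assumed to come from an already authenticated session.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key, held server side only
STORE = {}                            # object key -> (owner, data); stands in for a bucket

def upload(owner: str, data: bytes) -> str:
    """Store data under a long random key (the 'super long file name')."""
    key = secrets.token_urlsafe(32)
    STORE[key] = (owner, data)
    return key

def fetch_obscure(key: str, token: Optional[str] = None) -> Optional[bytes]:
    """Obscurity only: the token argument is accepted but never enforced."""
    entry = STORE.get(key)
    return entry[1] if entry else None

def sign(key: str, user: str, expires: int) -> str:
    """Issued by the server after it has authenticated `user`."""
    msg = f"{key}|{user}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def fetch_enforced(key: str, user: str, expires: int, sig: str,
                   now: int) -> Optional[bytes]:
    """Serve the object only to its owner, before expiry, with a valid signature."""
    entry = STORE.get(key)
    if entry is None:
        return None
    owner, data = entry
    if user != owner or now > expires:
        return None
    expected = sign(key, user, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return data

if __name__ == "__main__":
    k = upload("alice", b"clip")
    print("obscure, bogus token:", fetch_obscure(k, token="anything"))
    s = sign(k, "alice", 1000)
    print("enforced, valid:", fetch_enforced(k, "alice", 1000, s, now=999))
    print("enforced, expired:", fetch_enforced(k, "alice", 1000, s, now=1001))
```

With the obscure variant, a leaked or logged URL grants access indefinitely; with the enforced variant the same leak is bounded by the expiry and the owner check.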