|
|
|
|
|
|
by randomint64
69 days ago
|
|
|
The attack would be like: attacker has read/write access to the database but not to the code of the backend service. Attacker swaps the hash of a targeted API key with the hash of their own API key. Attacker has now access to the resources of the targeted organization when using their own API key. |
|
|