Hi everyone!
In this post I will explain how I found a security issue on 'ENAIRE Planea' and how I reported it to ENAIRE.
On the 18th of October 2021, ENAIRE released a new version of 'Planea' and I decided to take a look at it. I registered on the platform and started to play with it. After a few minutes I found a security issue: I could get the name, ID number (DNI), email and telephone of all users registered on that platform! Now I will explain how I found it.
Google Chrome has a developer tool called 'Network' that allows you to see all the requests that are made when you are browsing a website. I opened that tool and started to play with the platform. I saw that when you log in, the website makes a request that returns an object called "coop". The coops looked like admin users, so I saved the ID of each one.
Next, I went to the "localStorage" of Google Chrome and... surprise! My data was there, written in plain text! So... what happens if I change the ID of the coop? I changed it and... I got the data of another user! I tried with all the IDs that I had saved and I got all the data of all the users registered on the platform, along with the platform notifications that each user had. And not only that... I could change the data of the users!
I reported it to ENAIRE and they fixed it in a few days. I explained to them how I found it and they sent it to the developers. They didn't know how I found it, so I explained it to them and they were very grateful. Of course, I didn't get any reward, but I don't care; I just wanted to help them.
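The kind of flaw described above, where the server returns or changes whichever record matches an ID taken from the browser, is closed by deriving the user's identity from the server-side session and refusing any other ID. The following is an added example, not code from this post or from ENAIRE: the handler names, session tokens and user records are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical handlers, not ENAIRE's code. All data is constructed.
const users = new Map([
  ["u-1001", { name: "Alice Example", email: "alice@example.test", phone: "000-0001" }],
  ["u-1002", { name: "Bob Example", email: "bob@example.test", phone: "000-0002" }],
]);

// Server-side session store: token -> user id. The client never chooses this mapping.
const sessions = new Map([["token-alice", "u-1001"]]);

// Flawed pattern: the record is selected by an ID the browser sends
// (for example, one it read back from localStorage), with no ownership check.
function getProfileVulnerable(token, clientSuppliedId) {
  if (!sessions.has(token)) return { status: 401 };
  const user = users.get(clientSuppliedId);
  return user ? { status: 200, body: user } : { status: 404 };
}

// Hardened pattern: identity comes from the session; a mismatching ID is refused and logged.
function authorize(token, requestedId, audit) {
  const ownerId = sessions.get(token);
  if (!ownerId) return { status: 401 };
  if (requestedId !== undefined && requestedId !== ownerId) {
    audit.push({ event: "id_mismatch", sessionUser: ownerId, requestedId });
    return { status: 403 };
  }
  return { status: 200, ownerId };
}

function getProfileHardened(token, requestedId, audit = []) {
  const auth = authorize(token, requestedId, audit);
  if (auth.status !== 200) return { status: auth.status };
  return { status: 200, body: users.get(auth.ownerId) };
}

function updateProfileHardened(token, requestedId, changes, audit = []) {
  const auth = authorize(token, requestedId, audit);
  if (auth.status !== 200) return { status: auth.status };
  // Only allow-listed fields may be changed, and only on the session owner's record.
  const allowed = ["email", "phone"];
  const current = users.get(auth.ownerId);
  for (const key of allowed) if (key in changes) current[key] = changes[key];
  return { status: 200, body: current };
}
```

The audit entries written on a mismatch give the operations team a signal to alert on when one session repeatedly asks for IDs it does not own.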