A vulnerability in the American Archive of Public Broadcasting's website allowed unauthorized access to private media files for years and was only recently patched. The exploit relied on an IDOR flaw and circulated among content preservation communities, highlighting risks in digital archives and online communities. #AAPB #IDOR
Key points
- The AAPB website had a security flaw that allowed unauthorized media downloads for years.
- The vulnerability was an insecure direct object reference (IDOR) that allowed access controls to be bypassed.
- The flaw has been exploited since at least 2021, and the exploit circulated primarily in Discord communities.
- The fix was implemented within 48 hours of the flaw being reported to AAPB.
- This incident highlights the risks posed by digital preservation communities and online leaks of private media.
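
The IDOR pattern named in the key points, shown as an added example (not AAPB's code, whose implementation this page does not describe): a download handler that trusts the record ID in the request, next to one that authorizes against the record itself. The record IDs, access levels, paths and function names are hypothetical.

```python
# Illustrative sketch of an IDOR in a media-download handler and its fix.
# All IDs, access levels and names are constructed; this is not AAPB's code.
from dataclasses import dataclass


@dataclass(frozen=True)
class MediaRecord:
    media_id: str
    access: str  # "public" or "private" (hypothetical levels)
    path: str


@dataclass(frozen=True)
class User:
    name: str
    can_view_private: bool = False


# Constructed catalogue standing in for the archive's database.
CATALOGUE = {
    "rec-0001": MediaRecord("rec-0001", "public", "/media/rec-0001.mp4"),
    "rec-0002": MediaRecord("rec-0002", "private", "/media/rec-0002.mp4"),
}


class Forbidden(Exception):
    """Raised for any request the caller is not entitled to."""


def download_vulnerable(media_id, user=None):
    """IDOR: the ID in the request is the only thing consulted."""
    return CATALOGUE[media_id].path


def download_hardened(media_id, user=None):
    """Authorize against the object itself on every request."""
    record = CATALOGUE.get(media_id)
    # Same error for "missing" and "not allowed", so responses cannot be
    # used to tell which private IDs exist.
    if record is None:
        raise Forbidden(media_id)
    if record.access != "public" and not (user and user.can_view_private):
        raise Forbidden(media_id)
    return record.path
```

The check lives on the server side of the download path, so hiding the link in the page or the player does not substitute for it.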