Spain’s Ministry of Universities has reportedly been compromised after a high-severity IDOR vulnerability granted an unauthorized actor admin-level access to its database. The breach allegedly used leaked credentials combined with sequential DNI iteration to systematically exfiltrate large amounts of student and applicant PII and financial records, including passport scans, DNI/NIE scans, apostilled degrees, transcripts, payment receipts, and enrollment data. #SpainMinistryOfUniversities #IDOR
Keypoints
- A high-severity IDOR vulnerability reportedly allowed admin-level database access.
- Leaked credentials combined with sequential DNI iteration were used to access records.
- Exfiltrated data allegedly includes passport scans, DNI/NIE scans, and apostilled degrees.
- Financial information such as payment receipts and IBANs was reportedly exposed.
- Students and applicants may be affected by widespread PII and enrollment data exposure.
Read More: https://dailydarkweb.net/spain-ministry-of-universities-data-breach/