A simple IDOR in India’s income‑tax portal let any logged‑in user view other taxpayers’ records by swapping PAN numbers, exposing names, addresses, bank details, and Aadhaar IDs. When a single national identifier is linked across services, one portal bug becomes a gateway to large‑scale identity theft and fraud. This turns routine web mistakes into systemic failures.
— It warns that centralized ID schemes create single points of failure and need stronger authorization design, red‑team audits, and legal accountability.
BeauHD
2025.10.08
100% relevant
TechCrunch’s report that India’s e‑Filing portal exposed Aadhaar numbers and bank accounts via an IDOR vulnerability.
← Back to All Ideas