It is a sample profile service. A profile service is what users have to make in RealDevSquad and link to the identity service (a project in RealDevSquad); by doing this, their profile data is synced from their profile service to our database whenever they update it.
This is a critical issue reported by @Ajeyakrishna-k. This backend project has 3 endpoints: verification, profile, and health. The purpose of the profile API endpoint is to provide details of the owner, like company, phone number, etc. To protect this API, we receive a bearer token; if the token is correct, it returns the profile data. The issue is that one can easily generate that token from the verification endpoint by sending a salt.
Reproducibility
This issue is reproducible
This issue is not reproducible
Steps to Reproduce
Try calling the verification endpoint with a salt; it will return a hash.
Send that hash as a bearer token while calling the profile endpoint; you will get the profile data.
Severity/Priority
Critical
High
Medium
Low
Checklist
I have read and followed the project's code of conduct.
I have searched for similar issues before creating this one.
I have provided all the necessary information to understand and reproduce the issue.
I am willing to contribute to the resolution of this issue.
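
The flaw reported above, modelled in-process as an added example (not the project's code): a verification handler that returns a value the profile handler also accepts as a bearer token, next to a variant that binds each value to its purpose. The issue does not show how the service computes its hash, so HMAC-SHA256, the `salt$digest` token format, `SECRET` and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed secret: assumed to be known only to the profile service
# and the identity service that calls it.
SECRET = b"constructed-shared-secret"


def _mac(purpose: bytes, salt: str) -> str:
    """Return 'salt$digest', where digest = HMAC(SECRET, purpose|salt)."""
    msg = purpose + b"|" + salt.encode()
    return f"{salt}${hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"


def _matches(candidate: str, expected: str) -> bool:
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(candidate.encode(), expected.encode())


# Flawed design: one derivation serves both endpoints.
def verification_flawed(salt: str) -> str:
    return _mac(b"", salt)          # handed to any caller that sends a salt


def profile_flawed(bearer: str) -> bool:
    salt = bearer.partition("$")[0]
    return _matches(bearer, _mac(b"", salt))   # accepts the same value


# Hardened design: each value is bound to its purpose (domain separation),
# so the verification response is useless as a bearer token.
def verification_hardened(salt: str) -> str:
    return _mac(b"verification", salt)


def issue_bearer(salt: str) -> str:
    # Runs on the caller's side (the identity service), which holds SECRET.
    return _mac(b"profile-bearer", salt)


def profile_hardened(bearer: str) -> bool:
    salt = bearer.partition("$")[0]
    return _matches(bearer, _mac(b"profile-bearer", salt))
```
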