The flaw which was revealed byIT security consultant Paul Mooremay have put Immobilises 28 million registered records cyber criminals.
It is used by users to register their valuables like bikes, computers, phones etc.
and is said to host registered records of 28 million items.
Most of its services are used by Insurance companies and police authorities.
The vulnerability stems from the URL presented to users who which to register their products on Immobilise.
To ascertain the ownership they are supposed to download an ownership certificate from Immobilise in PDF format.
An attacker wouldnt know the User ID or Certificate ID, so its safe, right?
Moore added on his blog post, Far from it!
The numbers arent random, theyre sequential, thus deterministic.
If the last certificate number is 7161519, the next is 7161520 and so on.
source: www.techworm.net
