In most cases, trust boundaries are violated when a secret is exposed in a source code repository or an uncontrolled deployment environment.
People who have no need to know the secret might get access to it. They might then be able to use it to gain unwanted access to the associated
services or resources.
The severity of the trust issue depends on the role and entitlements of the people who obtain the secret.
What is the potential impact?
Adafruit IO provides an API that allows you to interact with IoT devices. The API can be used to store data, trigger webhook notifications, or
modify the layout and information shown on user dashboards.
Below are some real-world scenarios that illustrate the impact of an attacker exploiting the secret.
Exceeding rate limits
Using a leaked secret, an attacker may be able to make hundreds or thousands of authenticated calls to an online service. It is common for online
services to enforce a rate limit to prevent their servers from being overwhelmed.
If an attacker is able to exceed a user-based rate limit, they may be able to cause a denial of service for the user. If this continues over a long
period of time, the user may also be subject to additional fees or may have their account terminated.
Chaining of vulnerabilities
Triggering arbitrary workflows can lead to problems ranging from a denial of service to worse, depending on how the webhook's data is handled. If
the webhook performs a specific action that is affected by a vulnerability, the webhook acts as a remote attack vector on the enterprise.
Components affected by this webhook could, for example, experience unexpected failures or excessive resource consumption. If an affected component
is a single point of failure (SPOF), this leak is critical.
Modification of application data
Applications may rely on data that cannot be distributed with the application code. This may be due to the size of the data, or because the data is
regularly updated. This data is downloaded by the application as it is needed.
If an attacker can gain access to an authentication secret, they may be able to alter or delete this application data. This may cause parts of the
application to misbehave or stop working. Maliciously altered data could also contain undesirable content that results in reputational damage.