Vulnerability Disclosure

Security design flaw in Storage by Zapier

Posted on 2020-08-05 by Alexei Doudkine in Vulnerability Disclosure

Recently, we discovered a design flaw in how Storage by Zapier was verifying authentication. This flaw could allow attackers to compromise other users’ data stored within Storage by Zapier if the victim mistakenly chose a weak key or a key that was already in use.

This vulnerability was disclosed to Zapier and has since been partially remediated. Zapier’s solution is assessed at the end of this article.

Continue reading