Severity:
High
Context:
In the app settings, users could view and modify the API endpoint (e.g., https://api.siteA.com) without restrictions.
Steps to Reproduce:
- Open the app
- Go to Settings > API Configuration
- Observe editable field showing the API URL
- Modify the endpoint to a different site
- Restart or sync app
Expected Result:
This setting should be restricted: only editable by admins or protected behind a password-protected section.
Actual Result:
Users can select any URL because the app stores previously selected URLs in memory.
- The app connects and sends data to the newly selected URL.
- No authentication is required to access or modify this setting.
Impact:
- Risk of intentional misrouting of production data
- Possibility of sending sensitive data to the wrong server.
- Persistent memory of unauthorized URLs could lead to repeated data leakage or misrouting
Suggested Fix:
- Added a password-protected access screen to the API settings section
- Locked the field and made it read-only for standard users
- Logged every access attempt to the configuration screen for auditing
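One way to combine the three fixes above in a single guard, as an added example rather than the app's own code. It assumes the caller has already authenticated the user and passes a role string; the class name, role names and the host allowlist (which goes beyond the fixes listed) are hypothetical.

```python
import logging
from dataclasses import dataclass, field
from urllib.parse import urlsplit

audit = logging.getLogger("config.audit")

# Assumption: the only hosts the app may ever send data to.
# urlsplit() lowercases hostnames, so entries are stored lowercase.
ALLOWED_HOSTS = {"api.sitea.com"}


@dataclass
class ApiEndpointSetting:
    value: str = "https://api.siteA.com"  # example endpoint from the report
    audit_log: list = field(default_factory=list)

    def _record(self, user, role, action, detail):
        # Every access attempt is logged, whether it succeeds or not.
        entry = (user, role, action, detail)
        self.audit_log.append(entry)
        audit.info("user=%s role=%s action=%s detail=%s", *entry)

    def view(self, user, role):
        self._record(user, role, "view", self.value)
        return self.value

    def update(self, user, role, new_url):
        # Read-only for standard users: only an authenticated admin may edit.
        if role != "admin":
            self._record(user, role, "update_denied", new_url)
            raise PermissionError("API endpoint is read-only for standard users")
        try:
            parts = urlsplit(new_url)
            host = parts.hostname or ""
        except ValueError:
            parts, host = None, ""
        # Even an admin cannot point the app at an arbitrary or non-HTTPS server.
        if parts is None or parts.scheme != "https" or host not in ALLOWED_HOSTS:
            self._record(user, role, "update_rejected", new_url)
            raise ValueError("endpoint must be HTTPS and on the allowlist")
        self._record(user, role, "update_ok", new_url)
        self.value = new_url
```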
Lesson learnt:
“If the app trusts everyone with the map, don’t be surprised when someone changes the destination.”