AAPB’s Awkward Archive Flaw: When Sesame Street Meets Cybersecurity!
The American Archive of Public Broadcasting’s website had a flaw that allowed unauthorized media downloads for years. Although the issue was reported in 2021, it was only patched recently. The vulnerability, involving an insecure direct object reference (IDOR), was exploited by ‘data hoarders’ on Discord, leading to leaks of protected content. Access controls have since been strengthened.

Hot Take:
Guard your archives like a dragon guards its treasure! The American Archive of Public Broadcasting’s website had more holes than a block of Swiss cheese, letting people snag private media for years. They finally patched it up, but not before a few episodes of “Sesame Street” and possibly Big Bird flew the coop! Time to install some stronger locks, folks!
Key Points:
– A vulnerability in the American Archive of Public Broadcasting’s website had allowed unauthorized access to private media since at least 2021.
– The issue was reported to AAPB but wasn’t fixed until recently, with the patch implemented just 48 hours after BleepingComputer’s inquiry.
– The flaw was related to an insecure direct object reference (IDOR) that could be exploited using a simple Tampermonkey script.
– Content leaks, including a rare “Sesame Street” episode, circulated among Discord preservation groups.
– Despite the fix, the extent of accessed and shared content remains unknown.
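
What an IDOR of the kind named in the key points looks like on the server side, next to a handler with a per-object authorization check and a log audit for protected items served without a grant. This is an added illustration, not AAPB's code; the record layout, IDs, paths, access levels and function names are all hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MediaRecord:
    media_id: str
    access: str  # "public" or "protected" (hypothetical access levels)
    path: str


# Constructed catalogue; IDs and paths are placeholders, not real archive items.
CATALOGUE = {
    r.media_id: r
    for r in (
        MediaRecord("item-0001", "public", "/media/item-0001.mp4"),
        MediaRecord("item-0002", "protected", "/media/item-0002.mp4"),
    )
}


def get_media_vulnerable(media_id):
    """IDOR: the client-supplied ID alone decides which file is returned."""
    return CATALOGUE[media_id].path


def get_media_checked(media_id, grants):
    """Server-side object-level check: protected items need a grant for this exact ID."""
    record = CATALOGUE[media_id]  # KeyError for unknown IDs
    if record.access != "public" and media_id not in grants:
        raise PermissionError(f"no grant for {media_id}")
    return record.path


def unauthorised_serves(log, grants_by_user):
    """Scan (user, media_id) log entries for protected items served without a grant."""
    hits = set()
    for user, media_id in log:
        record = CATALOGUE.get(media_id)
        if record is None or record.access == "public":
            continue
        if media_id not in grants_by_user.get(user, set()):
            hits.add((user, media_id))
    return sorted(hits)


# Constructed access log and grant table for the audit above.
SAMPLE_LOG = [("anon", "item-0001"), ("anon", "item-0002"), ("staff", "item-0002")]
SAMPLE_GRANTS = {"staff": {"item-0002"}}
```

The audit only works if requests for protected objects were logged with the requesting identity, which is what determines whether the extent of past access can be reconstructed after a fix.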