Improper generating of access link at go.larksuite.com leads to access to other organizations/users' private data
Medium
L
Lark Technologies
Submitted None
Team Summary
Official summary from Lark Technologies
Improper generating of a Lark access link could have led an attacker to potentially brute force access codes revealing other organizations/users' private data. We have resolved this issue and thank @w2w for reporting this to our team.
Actions:
Reported by
w2w
Report Details
Additional information and metadata
State
Closed
Substate
Resolved