Endpoint leaking lots of user info, but all the sensitive data is encrypted
Hey guys,
Like the title says, I found an endpoint on an app which leaks lots of sensitive user data. However, the data returned is encrypted, and each user object contains unique “encrypted_envelope_key” and “envelope_key_id” values. There is also a “service_key_id” value included in each object (same for each one).
I read a bit about envelope encryption, but still have no idea how I should go about trying to decrypt the data or whether it’s even doable.
So, for anyone who’s come across this before, what would the prerequisites be for me to be able to decrypt this?
Thanks a lot
submitted by /u/highfly123