Hacking Encryption With Signing Oracles
And why you should never reuse encryption keys
I’m always looking for ways to find more IDORs. (More about finding IDORs here.)
Lately, I noticed a trend in the web applications I’ve been testing: protecting against IDORs by using encrypted parameters.