Findings

Numeric ID

Updated: June 19, 2025

findings design based findings api finding

Description

An endpoint is using a numeric parameter for identifying resources. Using numeric IDs that are sequential or predictable can expose sensitive information about the underlying data structure or the number of resources available. This can create security vulnerabilities such as unauthorized access, data breaches or enumeration attacks.

Remediation

To mitigate these risks, it is recommended to adopt safer identifiers such as UUIDs, that can not be easily guessed. This makes it more challenging for attackers to figure out sensitive information.

Security Frameworks

OWASP API 2023

API1:2023 Broken Object Level Authorization

APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface of Object Level Access Control issues. Object level authorization checks should be considered in every function that accesses a data source using an ID from the user.

OWASP API 2019

API1:2019 Broken Object Level Authorization

APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface of Object Level Access Control issues. Object level authorization checks should be considered in every function that accesses a data source using an ID from the user.

Need help?

Contact FireTail support

Previous (Findings - Design based findings)
Non-standard JSON Web Token
Next (Findings - Design based findings)
Plaintext alternative authentication