SoundCloud Fixed API Flaws That Could Lead to Account Takeover

silversurfer

Social audio platform SoundCloud fixed multiple security vulnerabilities affecting its application programming interface (API) that could allow potential attackers to take over accounts, launch denial of service attacks, and exploit the service, according to the Checkmarx Security Research team.

SoundCloud is an open audio platform founded in 2007 that provides access to more than "200 million tracks from 25 million creators heard in 190 countries." It is also "the world’s largest open audio platform, powered by a connected community of creators, listeners, and curators on the pulse of what's new, now and next in culture," according to SoundCloud.

According to a report shared with BleepingComputer, while investigating the online music platform for API security flaws, the Checkmarx researchers found several vulnerabilities in SoundCloud's API endpoints that attackers could exploit to launch attacks directed at the platform and its users.

Among these API bugs, the researchers discovered:
• Broken authentication & user enumeration opening the door for account takeovers
• Lack of resource request limiting & rate limiting that could be abused for site denial of service attacks
• Security misconfiguration & improper input validation leading to service exploitation attempts
 
