Online collaboration tools such as Trello, Jira, Notion, and Monday offer easy work management, and many companies use them to run team tasks efficiently as work is digitized.

However, such online collaboration tools have a downside: major tasks and information are shared where anybody can access them, which can lead to data leakage. This is why these internet-based collaboration tools need to be set to private or require authentication. Yet, even though these collaboration tool vulnerabilities have been raised repeatedly, some of them are still set to “public.”

On Criminal IP (https://www.criminalip.io), you can use keywords and the html_meta_description filter to find open collaboration tools that are left defenseless on the internet.

Using Keywords to Search For Vulnerabilities

For example, we searched for the most frequently used collaboration tool, the Kanban board, with the keyword “Kanban” on Criminal IP Asset Search. A total of 5,104 were found.

Search Keyword: “kanban”


Result when searched with the keyword “Kanban” on Criminal IP Asset Search

Among the search results were dashboards whose key information was accessible without any login authentication.


An open collaboration tool page without login-authentication


Using the same approach, you can search for other popular tools such as Trello, Jira, Notion, and Monday as well.

Search Keyword: “Trello”

Search Keyword: “Notion”

Search Keyword: “Jira”

A search for Jira, for example, found a total of 65,450 sites exposed on the internet.


Result when searched with the keyword “Jira” on Criminal IP Asset Search

Using the “HTML Meta Description” Filter to Search For Vulnerabilities

You can also look for exposed collaboration tools on the internet with the html_meta_description filter on Criminal IP (criminalip.io). Using this filter narrows your search results down to more directly exposed collaboration tool pages. Here, we looked at exposed pages using html_meta_description: “Kanban” and “Dashboard.”

html_meta_description: “Kanban”

html_meta_description: “Dashboard”


Result when searched html_meta_description: kanban on Criminal IP


A login page of a collaboration tool after searching for html_meta_description: dashboard

Even though the majority of these pages require login authentication, the fact that they are available on the internet and easily found with a few keyword combinations means that the servers running these tools are exposed to several kinds of cyber attack, such as brute-force attacks.
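
To check your own collaboration tool pages for the two conditions described above (content served without login, and a meta description that matches keywords such as “Kanban” or “Dashboard”), the following is an added example, not code from Criminal IP. The names `PageFacts` and `audit_page` are hypothetical, the sample HTML is constructed, and the classification is a heuristic that assumes you pass in the status code and body of an unauthenticated request to a URL you own.

```python
from html.parser import HTMLParser

# Keywords taken from the article's searches; extend with the tools you run.
KEYWORDS = ("dashboard", "jira", "kanban", "monday", "notion", "trello")

class PageFacts(HTMLParser):
    """Collects the meta description and whether a password field is present."""
    def __init__(self):
        super().__init__()
        self.description = ""
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "description":
            self.description = a.get("content", "")
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password_field = True

def audit_page(status, html):
    """Classify the response to an unauthenticated GET of one of your own URLs."""
    facts = PageFacts()
    facts.feed(html)
    desc = facts.description.lower()
    if status in (401, 403):
        exposure = "auth-required"
    elif facts.has_password_field:
        exposure = "login-page"      # reachable, so still a brute-force target
    else:
        exposure = "open-content"    # heuristic: content served with no login
    return {"exposure": exposure,
            "meta_keywords": [k for k in KEYWORDS if k in desc]}

# Constructed sample responses (not captured from any real site).
OPEN_BOARD = ('<html><head><title>Sprint board</title>'
              '<meta name="description" content="Team Kanban board for release planning">'
              '</head><body><ul><li>Rotate API keys</li></ul></body></html>')
LOGIN_PAGE = ('<html><head><meta name="description" content="Ops Dashboard"/></head>'
              '<body><form><input type="password" name="pw"></form></body></html>')

if __name__ == "__main__":
    for name, status, body in [("open board", 200, OPEN_BOARD),
                               ("login page", 200, LOGIN_PAGE),
                               ("behind SSO", 401, "")]:
        print(name, audit_page(status, body))
```

An `open-content` result should be set to private or put behind authentication first. A `login-page` result with non-empty `meta_keywords` is the case from the last paragraph: the page is protected but still easy to find, so it belongs behind a VPN or allow-list, with lockout and MFA on the login.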


Source: Criminal IP (https://www.criminalip.io)