Online collaboration tools such as Trello, Jira, Notion, and Monday offer easy work management systems, and many companies use them to run team tasks efficiently as work becomes digitized.

However, such online collaboration tools have a downside: major tasks and information are shared in a place where anybody can access them, which could lead to data leakage. This is why these internet-based collaboration tools need to be set to private or require authentication. Despite repeated concerns over the security vulnerabilities of online collaboration tools, some users still set them to “public,” allowing anyone to access the information posted on these platforms.

On Criminal IP (https://www.criminalip.io), you can use keywords and the html_meta_description filter to find open collaboration tools that sit unprotected on the internet.

Using Keywords to Search For Vulnerabilities

For example, we searched Criminal IP Asset Search for the Kanban board, the most frequently used collaboration tool, with the keyword “Kanban”. A total of 5,104 results were found.

Search Keyword: “kanban”

Result when searched with the keyword “Kanban” on Criminal IP Asset Search

Within the search results, we also discovered dashboards where important information was easily accessible without requiring any login authentication.

An open collaboration tool page without login-authentication

Using the same mechanism, you can also search for other popular tools like Trello, Jira, Notion, and Monday.

Search Keyword: “Trello”

Search Keyword: “Notion”

Search Keyword: “Jira”

When searching for Jira, for example, a total of 65,450 sites were found to be exposed on the internet.

Result when searched with the keyword “Jira” on Criminal IP Asset Search

Using the “HTML Meta Description” Filter to Search For Vulnerabilities

You can also look for exposed collaboration tools on the internet with the html_meta_description filter on Criminal IP (criminalip.io). Using this filter narrows your search results down to more directly exposed collaboration tool pages. Here, we looked at exposed pages by using html_meta_description: “Kanban” and “Dashboard”.

html_meta_description: “Kanban”

html_meta_description: “Dashboard”

Result when searched html_meta_description: kanban on Criminal IP

A login page of a collaboration tool after searching for html_meta_description: dashboard

Although most of these pages require login authentication, their presence on the internet and their easy discoverability through a few simple keyword searches suggest that the servers running these collaboration tools are vulnerable to various cyber attacks, such as brute-force attacks. Therefore, it is crucial for users to take the necessary security measures and ensure that their collaboration tools are properly secured to prevent unauthorized access and potential data breaches.
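A defender-side check for your own inventory, added here as an example (it is not Criminal IP's code): it takes unauthenticated responses captured from your own collaboration-tool hosts, reads the meta description that an html_meta_description search would match, and reports whether each page is open, a login page, or behind authentication. The hostnames, responses and function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Terms this article searches for; a match means the page is findable the same way.
KEYWORDS = ("kanban", "dashboard", "trello", "jira", "notion")
REDIRECTS = (301, 302, 303, 307, 308)

class PageScan(HTMLParser):
    """Collects the meta description and notes whether a password field exists."""
    def __init__(self):
        super().__init__()
        self.description = ""
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "description":
            self.description = a.get("content", "")
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password_field = True

def classify(status, headers, body):
    """Classify one response fetched WITHOUT credentials from your own asset."""
    scan = PageScan()
    scan.feed(body)
    hits = [k for k in KEYWORDS if k in scan.description.lower()]
    location = headers.get("Location", "").lower()
    if status in (401, 403):
        access = "auth-required"
    elif status in REDIRECTS and ("login" in location or "signin" in location):
        access = "auth-required"
    elif status == 200 and scan.has_password_field:
        access = "login-page"      # reachable, so still a brute-force surface
    elif status == 200:
        access = "open"            # content served with no login at all
    else:
        access = "unknown"
    return {"access": access, "discoverable_by": hits}

# Constructed sample responses: (status, headers, body) per hypothetical host.
SAMPLES = {
    "board.example.com": (200, {}, '<head><meta name="description" '
        'content="Team Kanban board"></head><body><li>Q3 roadmap</li></body>'),
    "pm.example.com": (200, {}, '<head><meta name="description" '
        'content="Project Dashboard"></head><form><input type="password"></form>'),
    "jira.example.com": (302, {"Location": "/login.jsp"}, ""),
}

def audit(samples):
    return {host: classify(*resp) for host, resp in samples.items()}
```

Hosts reported as "open" should be set to private first; hosts reported as "login-page" with a non-empty discoverable_by list are the ones the brute-force concern above applies to.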


Source: Criminal IP (https://www.criminalip.io)