With their easy work management systems, online collaboration tools such as Trello, Jira, Notion, and Monday are used by many companies to run efficient team tasks in the process of work digitization.
However, such online collaboration tools have downsides as major tasks and information are shared where anybody can access, which could lead to potential data leakage. This is why these internet-based collaboration tools need to be set to private or require authentication procedures. Yet, despite these collaboration tool vulnerabilities have been continuously raised, some of them are still set to “public.”
On Criminal IP (https://www.criminalip.io), you can use keywords and the html_meta_description filter to find open collaboration tools defenseless on the internet.
Using Keywords to Search For Vulnerabilities
Search Keyword: “kanban”
Amongst the search results, dashboards where the key information was accessible without any login-authentication were also found.
Using the same mechanism, you can search for other popular tools like Trello, Jira, Notion, Monday as well.
Search Keyword: “Trello”
Search Keyword: “Notion”
Search Keyword: “Jira”
When searched for Jira, for example, a total of 65,450 sites were found to be exposed on the internet.
Using the “HTML Meta Description” Filter to Search For Vulnerabilities
You can also look for exposed collaboration tools on the internet with the html_meta_description filter on Criminal IP(criminalip.io). Using this filter will narrow down your search result to more directly exposed collaboration tool pages. Here, we took a look at exposed pages by using the html_meta_description: “Kanban” and “Dashboard.”
Even though the majority of these pages require login-authentication, being available on the internet and easily found with a few combinations of keywords implies that the servers running this tool are exposed to several cyber attacks like brute-force attacks.