Security
Audit
intercom-settings-user-identifier-without-user-hash
intercom-settings-user-identifier-without-user-hash
Found an initialization of the Intercom Messenger that identifies a User, but does not specify a user_hash
.This configuration allows users to impersonate one another. See the Intercom Identity Verification docs for more context https://www.intercom.com/help/en/articles/183-set-up-identity-verification-for-web-and-mobile
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-287: Improper Authentication