Bugs in gym management software let hackers wipe fitness history (Security News, August 2021)
Security researchers found vulnerabilities in the Wodify fitness platform that allow an attacker to view and modify user workouts from any of the more than 5,000 gyms that use the solution worldwide.
In a report published today, researchers at cybersecurity company Bishop Fox disclosed a set of vulnerabilities in the Wodify platform that could affect not only users' workouts and personal information but also the financials of a gym.
Exploiting the flaws allows an attacker to enumerate and modify entries in the Wodify platform from all the gyms that use it, says Dardan Prebreza, Senior Security Consultant at Bishop Fox.
One of the vulnerabilities involves insufficient authorization controls, which could be used to enumerate users and change their data in the Wodify platform.
Prebreza first notified Wodify of his findings more than half a year ago and was told in April that the bugs would be fixed within 90 days.
The researcher told BleepingComputer that communication with Wodify has been very difficult and it took the company a long time to acknowledge the vulnerabilities.