github.com/drakkan/sftpgo is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability stems from missing token safeguards: JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. An attacker who holds a valid intercepted token can access other users' files and directories by manipulating URL parameters.
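The server-side checks whose absence the advisory describes can be sketched as follows. This is an added example, not SFTPGo's own code or its fix: the `Claims` layout, the `Revoked` store and `Authorize` are hypothetical names, and the token signature is assumed to have been verified already.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
	"sync"
	"time"
)

// Claims holds token claims whose signature was already verified (assumed layout).
type Claims struct {
	Sub, Root, JTI string    // owner, granted directory, unique token ID
	Exp            time.Time // hard expiry
}

// Revoked records invalidated token IDs; in-memory for the example only.
type Revoked struct{ ids sync.Map }

func (r *Revoked) Add(jti string)      { r.ids.Store(jti, true) }
func (r *Revoked) Has(jti string) bool { _, ok := r.ids.Load(jti); return ok }

// Authorize checks the token against the user and path named in the URL.
func Authorize(c Claims, reqUser, reqPath string, now time.Time, r *Revoked) error {
	switch {
	case c.JTI == "" || c.Exp.IsZero():
		return errors.New("token lacks jti or exp")
	case !now.Before(c.Exp):
		return errors.New("token expired")
	case r.Has(c.JTI):
		return errors.New("token revoked")
	case reqUser != c.Sub: // object-level check: URL user must be the token owner
		return errors.New("subject mismatch")
	}
	root := path.Clean("/" + c.Root)
	p := path.Clean("/" + reqPath) // collapses ".." before the scope test
	if p != root && !strings.HasPrefix(p, strings.TrimSuffix(root, "/")+"/") {
		return errors.New("path outside token scope")
	}
	return nil
}

func main() {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed sample data
	c := Claims{Sub: "alice", Root: "/alice", JTI: "t-1", Exp: now.Add(15 * time.Minute)}
	r := &Revoked{}
	fmt.Println(Authorize(c, "alice", "/alice/report.txt", now, r)) // <nil>
	fmt.Println(Authorize(c, "bob", "/bob/secret.txt", now, r))     // subject mismatch
	r.Add(c.JTI)
	fmt.Println(Authorize(c, "alice", "/alice/report.txt", now, r)) // token revoked
}
```

The revocation store here lives in process memory; a deployment with several server instances would need it in shared storage so that an invalidated token is rejected everywhere.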