Latest Privacy

Theregister

NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data

By Gareth Corfield 07 Mar 2020 at 16:03

A vulnerability in NordVPN's payments platform allowed anyone to view users' payment information and email addresses, a startling HackerOne entry has revealed. By simply sending an HTTP POST request without any authentication at all to join.nordvpn.com one could read off users' email addresses, payment method and URL, currency, amount paid and...

Read more