According to The Register, NordVPN’s payment platform had a serious authentication vulnerability that exposed sensitive user information.
The vulnerability was first reported on HackerOne (a bug bounty platform), where a researcher under the name “dakitu” explained that anyone could easily access the payment data of any NordVPN user.
The sensitive data included information such as email addresses, total amount paid, currency and even the NordVPN products they bought.
Due to poor authentication, dakitu was able to access anyone’s information by sending an HTTP POST request to the join.nordvpn.com sub-domain.
Just by changing the User ID in that request, dakitu could view the account information of another NordVPN customer.
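The flaw described above is an insecure direct object reference: the endpoint trusts the user ID supplied in the request body instead of the identity bound to the session. The following is an added, hypothetical illustration (not NordVPN's code; the endpoint shape, field names and sample records are constructed) of the broken handler beside a hardened one, plus a small detection helper for the telltale burst of cross-user denials:

```python
# Hypothetical handlers illustrating the IDOR class described above.
# Not NordVPN's code; field names and the payment records are constructed.
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample of a payment table keyed by user id.
PAYMENTS: Dict[int, dict] = {
    1001: {"email": "alice@example.test", "amount": "59.88", "currency": "USD", "product": "2-year plan"},
    1002: {"email": "bob@example.test", "amount": "11.95", "currency": "EUR", "product": "1-month plan"},
}

@dataclass
class Request:
    session_user_id: Optional[int]  # user id bound to the authenticated session (None = not logged in)
    body: dict                      # parsed POST body

def payment_lookup_vulnerable(req: Request) -> dict:
    """Broken: trusts the client-supplied user_id, so any caller can read any record."""
    uid = int(req.body["user_id"])
    record = PAYMENTS.get(uid)
    if record is None:
        return {"status": 404}
    return {"status": 200, "data": record}

def payment_lookup_fixed(req: Request) -> dict:
    """Hardened: require a session and derive the record owner from it, not from the body."""
    if req.session_user_id is None:
        return {"status": 401}
    uid = int(req.body.get("user_id", req.session_user_id))
    if uid != req.session_user_id:
        # Reject and log; repeated 403s from one session are a strong enumeration signal.
        return {"status": 403}
    record = PAYMENTS.get(uid)
    if record is None:
        return {"status": 404}
    return {"status": 200, "data": record}

def count_cross_user_denials(events, threshold=5):
    """Detection hint: sessions with many 403s on this endpoint are probing other users' ids."""
    counts: Dict[str, int] = {}
    for session, status in events:
        if status == 403:
            counts[session] = counts.get(session, 0) + 1
    return {s for s, n in counts.items() if n >= threshold}
```

The fixed handler still accepts a user_id field for compatibility, but only as a value that must match the session owner; silently ignoring the field would also be acceptable.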
According to The Register, NordVPN customers were left uninformed about this issue.
According to TechRadar, no customer data had been exploited.
In February, another NordVPN report was disclosed on HackerOne, concerning a rate-limiting issue in its “Forgot Password for account” option. – posted by Vansh (th3pr0xyb0y)
Both issues have now been patched, and the reporters were awarded bounties on HackerOne.
Source: The Register