Security researcher Scott Helme has turned up a dumb password reset bug in UK energy company Ecotricity’s car charging app. The bug is in the app the company provides for users of its network of ‘leccy car recharge points: it had a bad user enumeration bug that would let an attacker reset someone else’s password and therefore take over their account.
Original source: The Register