LocalTapiola: Lahitapiola´s customer names send to 3rd party

ID H1:177523
Type hackerone
Reporter billy_blaze
Modified 2016-12-10T10:00:51



The reporter found that a logged on customers real name (but no further personal information) could leak to a 3rd party site in certain transaction processes.


The issue was investigated and found to be valid.


The reported case was valid and although not a vulnerability as such, it was not intended behavior. The scope of the issue was quite limited. The application has been updated. The bounty decision was made partially based on the potential consequences for a more serious customer information leak.