LocalTapiola: Lahitapiola´s customer names send to 3rd party

2016-10-22T11:46:10
ID H1:177523
Type hackerone
Reporter billy_blaze
Modified 2016-12-10T10:00:51

Description

Issue

The reporter found that a logged on customers real name (but no further personal information) could leak to a 3rd party site in certain transaction processes.

Fix

The issue was investigated and found to be valid.

Reasoning

The reported case was valid and although not a vulnerability as such, it was not intended behavior. The scope of the issue was quite limited. The application has been updated. The bounty decision was made partially based on the potential consequences for a more serious customer information leak.