Bykea: Ability to increase any customer offered fare (BAC)

A business logic flaw was discovered that allowed a malicious passenger or driver acting as a passenger to increase the fare of another customer's ride without their involvement. By chaining two unauthenticated endpoints, an attacker could cause an inflated fare to appear on the driver's screen...