MTN Group: Broken Access Control leads to disclosure of transaction history via /v2/rechargeTransactionHistory endpoint
The vulnerability disclosed the transaction history details of MTN NG customers, including recharge dates, amounts, and transaction IDs. This was caused by insufficient authorization checks in the /v2/rechargeTransactionHistory API endpoint, which allowed access to other customers' data without...