Get a Pentest and security assessment of your IT network.

Cyber Security

Louis Vuitton fixes data leak and account takeover vulnerability

Louis Vuitton has quietly patched a security vulnerability on its website that allowed for user account enumeration and even allowed account takeover via password resets. The vulnerability is surprisingly easy to exploit and I had found it by accident when clicking in one of the links in the. MyLV account section of the company’s website. An attacker can potentially obtain email addresses of multiple. members without their knowledge or consent by. simply enumerating their account ID in the URL. The company thanked the researcher for reporting the vulnerability in an email.

Source: https://www.bleepingcomputer.com/news/security/louis-vuitton-fixes-data-leak-and-account-takeover-vulnerability/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation