20 Sep
Vulnerability? Unauthed access to your electricity meter readings by URL
My grid provider has started sending emails with a URL that includes my account number. I can click it and see my last readings and send new ones.
It's completely unauthed: you can try to guess somebody's account number (an integer, consecutive) and see (and enter) their readings.
I asked them to exclude my account from this feature; they ignored it.
Is it an officially acknowledged vulnerability? Does it have a name?
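
An added example (not part of the original post, and not the provider's code): one way an emailed link can avoid the guessable-account-number problem described above is to bind the account number to an expiry and an HMAC signature that the server checks before showing or accepting readings. The host `meter.example`, the parameter names, the demo key and the 7-day lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed demo key; a real service would load a random secret from a key store.
SECRET_KEY = b"demo-only-secret-key"
LINK_LIFETIME = 7 * 24 * 3600  # assumed validity window: 7 days


def _sign(account_id: int, expires: int) -> str:
    """MAC over both fields, so neither can be changed independently."""
    msg = f"{account_id}:{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_link(account_id: int, now: Optional[int] = None) -> str:
    """Build the emailed link: account number, expiry, and signature."""
    issued = int(time.time()) if now is None else now
    expires = issued + LINK_LIFETIME
    return (f"https://meter.example/readings?account={account_id}"
            f"&expires={expires}&sig={_sign(account_id, expires)}")


def check_link(url: str, now: Optional[int] = None) -> Optional[int]:
    """Return the account id if the link is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        query = parse_qs(urlsplit(url).query)
        account_id = int(query["account"][0])
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return None  # missing or malformed parameter
    if now > expires:
        return None  # link has expired
    expected = _sign(account_id, expires)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None  # account number or expiry was altered, or sig was guessed
    return account_id
```

A link signed this way is still a bearer credential for whoever holds the email, so it limits guessing of neighbouring account numbers but does not replace a login for submitting readings.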