20Eyl
Is unauthenticated access to electricity meter readings is considered a vulnerability
My grid provider has started sending emails with a URL that includes my account number. I can click and see my last readings and send new ones.
It's completely unauthenticated, you can try to guess somebody's account number (consecutive integer numbering) and see (and add) their readings.
They ignored my request to exclude my account from this feature.
Is it an known vulnerability? Does it have a name?
