[Owasp-leaders] opinion regarding issue found in major email provider

Eoin Keary eoin.keary at owasp.org
Thu Aug 27 14:37:17 UTC 2015


Looks like it's validating the Luhn format but no business logic.
https://en.m.wikipedia.org/wiki/Luhn_algorithm


Eoin Keary
OWASP Volunteer
@eoinkeary



> On 27 Aug 2015, at 14:47, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
> 
> Hi all
> 
> I would like to have your opinion on an issue I found during a bug hunting activity
> 
> A major email provider has their own store for selling branded t-shirts, pens, etc.
> 
> I attempted to buy using a test credit card number. I was able to get a confirmation and final transaction with a value of USD2000. 
> 
> When I reported the issue, they mentioned to me they did not consider this as a vulnerability. I have always understood that deploying to production should not contain test data that attackers could use to bypass the system.
> 
> What kind of vulnerability can this be considered if we can consider it a vulnerability?
> 
> regards
> 
> Johanna
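Added example, not part of the original thread: a sketch of the distinction the reply draws between a Luhn format check and an actual authorization decision, with a checkout that fails closed when test data reaches production. The gateway stub, the function names, the environment labels and the test-number set are assumptions made for illustration; the thread does not say how the store's checkout is built.

```python
from dataclasses import dataclass

# Constructed sample data: a test number widely published in gateway sandbox docs.
SANDBOX_TEST_PANS = {"4111111111111111"}

def luhn_valid(pan: str) -> bool:
    """Format check only: True if the digit string passes the Luhn checksum."""
    if not (pan.isascii() and pan.isdigit()) or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass(frozen=True)
class Auth:
    approved: bool
    reason: str

def gateway_authorize(pan: str, amount_cents: int, mode: str) -> Auth:
    """Hypothetical gateway stub: sandbox approves test numbers, live never does."""
    if mode == "sandbox" and pan in SANDBOX_TEST_PANS:
        return Auth(True, "sandbox_test_approval")
    return Auth(False, "declined")          # no real issuer stands behind this stub

def confirm_weak(pan: str, amount_cents: int) -> bool:
    """Weak: the order is confirmed as soon as the number is well-formed."""
    return luhn_valid(pan)

def confirm_hardened(pan: str, amount_cents: int,
                     store_env: str, gateway_mode: str) -> Auth:
    """Hardened: Luhn only filters typos; confirmation needs a live authorization."""
    if not luhn_valid(pan):
        return Auth(False, "bad_format")
    if store_env == "production" and gateway_mode != "live":
        return Auth(False, "sandbox_gateway_in_production")
    if store_env == "production" and pan in SANDBOX_TEST_PANS:
        return Auth(False, "test_pan_in_production")
    return gateway_authorize(pan, amount_cents, gateway_mode)

if __name__ == "__main__":
    pan, amount = "4111111111111111", 200_000   # USD 2000, as in the report
    print("weak:", confirm_weak(pan, amount))
    print("hardened:", confirm_hardened(pan, amount, "production", "sandbox"))
```

The reason strings returned by `confirm_hardened` are also the events worth logging and alerting on, since a test number or a sandbox gateway showing up in production indicates a deployment error.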

