Note #20176

Hey @VOXI_UK! There’s a security #vulnerability in your website. An attacker can (a) exfiltrate mobile numbers and (b) authenticate bypassing OTP.

Not sure who to talk to about ethical disclosure. Let me know?

2 comments

  1. VOXI VOXI says:

    Hey Dan. Thanks for bringing this to our attention, can you please drop us a DM so we can take a further look into this? This can also be reported on the link here – vodafone.com/about-vodafone… 🙂 Liam

    Read more →

    1. Dan Q Dan Q says:

      Thanks; I’ve filed a report now.

Reply here

Your email address will not be published. Required fields are marked *

Reply on your own site

Reply elsewhere

You can reply to this post on Facebook.

Reply by email

I'd love to hear what you think. Send an email to b20176@danq.me; be sure to let me know if you're happy for your comment to appear on the Web!