Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » API vulnerability exposed accounts of Delmarva Power customers

API vulnerability exposed accounts of Delmarva Power customers

2015/02/09

Securityweek - (National) Delmarva Power, a subsidiary of Pepco Holdings, issued a patch in January addressing a vulnerability in its Android app after a researcher discovered the application programming interface (API) is plagued by Insecure Direct Object Reference (IDOR), which could have allowed an attacker to hijack customer's online accounts by resetting user's passwords and gaining control over their accounts.

Source: http://www.securityweek.com/api-vulnerability-exposed-accounts-delmarva-power-customers

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:23