A researcher has disclosed serious vulnerabilities in a Honda ecommerce platform used for equipment sales. The flaws, discovered by Eaton Zveare, could have allowed attackers to access customer and dealer information. Honda addressed the issues after being notified but did not reward the researcher, as the company lacks a bug bounty program. The vulnerabilities exposed over 21,000 customer orders and 1,500 dealer sites, which could have led to phishing campaigns, malware installation, and covert website modifications. This disclosure follows Zveare's previous finding of a vulnerability in a Toyota customer relationship management platform.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.