Serious vulnerabilities in a Honda ecommerce platform used for equipment sales have been disclosed by a researcher. The flaws, discovered by Eaton Zveare, could have allowed attackers to access customer and dealer information. Although Honda addressed the issues after being notified, they did not reward the researcher as they lack a bug bounty program. The vulnerabilities exposed over 21,000 customer orders and 1,500 dealer sites, potentially leading to phishing campaigns, malware installation, and covert website modifications. This disclosure follows a previous finding by Zveare of a vulnerability in a Toyota customer relationship management platform.
