A Hacker named "Moe1" has identified a security vulnerability in South African National Roads Agency Limited website(www.sanral.co.za).
The vulnerability allows attackers to obtain the PIN to log into the E-toll website if the attacker knows the username.
The hacker told Mybroadband that email confirmation page which is part of registration process, contains the PIN Number of the user.
Hacker created a small command line tool to exploit the vulnerability in the website. Anyone can retrieve the PIN number by just passing the username to the tool.
Hackers also said the vulnerability expose sensitive information such as ID numbers, vehicle license plate numbers, postal addresses, and payment methods.
The vulnerability allows attackers to obtain the PIN to log into the E-toll website if the attacker knows the username.
The hacker told Mybroadband that email confirmation page which is part of registration process, contains the PIN Number of the user.
Hacker created a small command line tool to exploit the vulnerability in the website. Anyone can retrieve the PIN number by just passing the username to the tool.
Hackers also said the vulnerability expose sensitive information such as ID numbers, vehicle license plate numbers, postal addresses, and payment methods.
