Published by: pintejp | August 23, 2016

Responsible Vulnerability Disclosure and Response Matter

Ecotricity is a UK-based green energy company known for its large network of electric vehicle charging stations. Scott Helme, a security researcher, identified a vulnerability in the password reset process of the company’s mobile application. The vulnerability allowed an attacker to reset any user’s password and take over their account. Helme responsibly disclosed the serious flaw to the company, which reacted quickly, permanently fixed the issue, and updated the application within 48 hours. This note provides an overview of the vulnerability, reminds the reader that there is no perfect security, and underscores the company’s quick reaction to the responsible vulnerability disclosure. Additionally, it highlights the importance of thorough security testing, vulnerability response readiness, and vendor vulnerability disclosure maturity.

https://www.enisa.europa.eu/publications/info-notes/responsible-vulnerability-disclosure-and-response-matter

