Enumeration vulns are very serious, it’s just luck that this one appeared to be low risk.
A competitor of the restaurant could see everything that was ordered that night. Pretty serious imo.
Or profile the customers of every business, by changing both IDs.
But that’s my point: not all risks are the same. A cache issue that serves you someone else’s crossword puzzle is an inconvenience, but a cache issue that serves you someone’s credit report is way worse.
But what does it say about the payment app if it doesn't bother to secure the low-hanging fruit?