Dialog security vulnerability

[BC_Dilum]

Today I found a severe security vulnerability in Dialog online portal login. One of their public APIs exposing login url for any user.

I attached a screenshot of the API but for ethical reasons I blocked some part of the url

Because of this issue I can log into user accounts who are trying to log into Dialog portal at the moment

 

[Jack_Sparrow]

Did you inform them?
I dont know whether they have a security channel

but seems like you can use this email [email protected]

https://www.dialog.lk/internet-security-risks

 

[BC_Dilum]

I sent a screen recording to Dialog Facebook page. But looks like it is not 1 hour fix. They need to change entire login process