The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Skoda_connect | Skoda-auto | - (including) | - (including) |