Cooking Up Stronger Security For A Leading Meal-Kit Provider

Client Overview

Our client was a prominent and widely recognized unicorn in the meal-kit industry, operating across the United States and several European regions. The goal was to determine whether our team could assist the client in strengthening the security of their various brands and products, consequently enhancing their overall security measures.

Why the Client Chose Us

The client opted for our services in web penetration testing for several notable reasons. Our specialization in their specific industry and the expertise backed by certifications, such as CEH and CISSP, made us their choice. They found our utilization of cutting-edge tools and tailored approaches to address their unique security requirements particularly appealing. Past successes and our adherence to industry compliance standards provided a foundation of trust. They recognized our team’s potential to enhance their security measures and ensure the security of their brands and customers.

Project Overview

Our mission was to assess the security of our client’s multiple brands and products, evaluating them for vulnerabilities that could impact their customers. The primary focus was on Account Takeover, Personal Identifiable Information (PII) Disclosure, and server-side misconfigurations.

How Ebryx Responded

During our assessment, our penetration testing team discovered critical, high, and medium-severity vulnerabilities that posed potential risks. One of the most critical vulnerabilities was an Account Takeover issue related to their token generation method. The token was generated based on epoch time – a numerical representation of the date and time since January 1, 1979. Exploiting this vulnerability, we executed a Race Condition attack on the vulnerable API, allowing us to take over victim accounts by obtaining the same token simultaneously.

It is worth noting that this vulnerability had gone unnoticed by both the client’s in-house team and previous third-party entities that had conducted penetration tests on their system. This vulnerability, which affected all their brands, put their customers at risk for potential account takeovers.

Results and Outcomes

Our collaboration with the client proved to be mutually beneficial. The client had an opportunity to assess our skills, leading them to approach us for additional dedicated projects. Simultaneously, the client significantly enhanced its security posture. This improvement not only protected the client’s reputation but also reassured their customers of a safer and more secure experience.

Share the article with your friends

Related Posts

Blog
Posted by Editorial Staff Cloud technology has revolutionized business. In the age of lightning fast connectivity and communication, productivity and innovation have soared. Unfortunately, cloud environments are vulnerable to attack
May 22, 2023
3 Min Read
Blog
Posted by Editorial Staff In mid 2021, an organization in the telecommunication sector suffered a breach in their cybersecurity. Hackers compromised the company’s online services to target their end-users– putting
May 22, 2023
3 Min Read
Blog
Posted by Editorial Staff In late 2018 cybercriminals conducted a multimillion-dollar raid on a mid-sized bank. In the chaotic aftermath of the breach, one of the country’s largest banking consortium
May 22, 2023
3 Min Read

Have questions?
Let's talk.

Ebryx experts are ready to answer
your questions.

Contact us