Even though they were alerted in April, it took them four months to fix the issues

Oct 10, 2011 14:07 GMT

Vulnerability Lab discovered multiple web vulnerabilities on the global communications provider's official websites which, even though they were discovered in April, weren't patched by the vendor until August.

According to the report, an anonymous laboratory researcher came across the weaknesses, which a remote attacker could easily have taken advantage of.

The first issue is a redirection vulnerability that was detected in the customer log-in module. Had an ill-intentioned hacker noticed it, he could easily have hijacked sessions, launched phishing attacks or performed external redirects to malicious content.

Non-persistent input validation vulnerabilities were also revealed in the job list and job search modules, which could have led to remote attackers hijacking customer sessions.

Even though the weaknesses were cataloged as medium and low, vendors should be more careful when it comes to the well-being of their customers.