Major DSTV security flaw

Random3328 (New Member; joined Feb 1, 2023; messages: 1; reaction score: 2)

Hey all

I raised this to DSTV support last year and they haven't done anything; I was more asked why I did such a thing in the first place.

People who have DSTV accounts outside of South Africa can technically access another person's account in SA, just by simply logging in with their connect ID. For example, let's say a user from Zimbabwe goes to the SA URL instead of their country's URL, and then they complete the login process. The profile that will show up will not be theirs but someone else's, completely different; you can then modify everything to do with their account, with no limitations on it.

Now this is a serious worry, as you have access to all their personal information and can change subscription plans and modify their billing without ever obtaining their login information.

I have attached two images of the two separate accounts as an example that this can be done and achieved.
 

Attachments: DSTV security risk proper account.jpg; DSTV security risk.png
Thanks for taking the time to report this. I have sent this to my contacts at Multichoice.
 
> People who have DSTV accounts outside of South Africa, can technically access another person's account in SA, just by simply logging in with their connect ID.
Jan from the staff here has seen this and knows peeps at Multichoice.

May be a once-off oddity but can't test with my old external accs. as they're without decoders now.
I did try it in reverse (SA details used in another country) - glad to say that doesn't work.

@Geoff.D - FYI
 
A Nigerian friend who lives here in Cape Town knows about this. His brother in Lagos accessed his account and sent him a screenshot.

1675604928083.png
 
> Your fault for still subscribing to DSTV. We don't care here.
The topic clearly states "including DSTV" - scroll past if you are not interested. The only thing we don't care about is your opinion unrelated to the discussion.
 