January 22, 2024 at 03:31PM
A security researcher in Germany was fined €3,000 for reporting a vulnerability in an e-commerce database that put customer information at risk. Modern Solution GmbH downplayed the data exposure, leading to a legal battle. Hendrik H. was initially vindicated by the District Court but was eventually fined and is planning to appeal.
Based on the meeting notes, here are the key takeaways:
1. A security researcher in Germany, Hendrik H., discovered and reported a vulnerability in an e-commerce database, but was fined €3,000 for doing so.
2. The vulnerability involved plain text storage of password access to the remote server in MSConnext.exe, posing a risk to customer information.
3. Modern Solution GmbH released a statement expressing uncertainty about the extent of data exposure and emphasized ongoing investigations into the incident.
4. There is a dispute over the severity of the vulnerability, with arguments that it was more serious than conveyed by the company.
5. In September 2023, Hendrik H. was charged with unlawful access according to Germany’s Criminal Code, following a complaint from Modern Solutions, but intends to appeal the decision.
6. The Jülich District Court initially sided with Hendrik H., but the case was appealed to the Aachen regional court, resulting in a decision that left Hendrik H. fined and responsible for court costs.
Overall, the situation involves legal and ethical complexities around vulnerability reporting and access to company databases.