1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MyAudi security issue

Discussion in 'General Technical / How To' started by Zygote, Apr 1, 2014.

  1. Zygote
    Offline

    Zygote Member

    Joined:
    Sep 2, 2013
    Messages:
    71
    Likes Received:
    12
    [Apr 1, 2014]
    So, while my.audi.com is certainly nice and useful, Im shocked at the obvious security loophole presented by the password reset feature.

    Basically, to take control of someone's myAudi account, you need the following information:

    • email account associated with the user
    • the answer to the secret question, which the user picked from a list upon registration
    When the secret question is along the lines of "Your father's first name" and "Which city where you born", its obvious that it does take much research to take control over an account. I notified my local dealer about this and they forwarded my concern to Audi (somehow), but that was months ago and nothing has changed.

    So what can you do with access to a my audi account? Well, first of all you can get a hold of information such as the VIN number, destination addresses, your Audi Link code, etc.

    Is there a better way to bring up the issue? I just feel it would be so simple to adjust the system to at least send you an email with a confirmation link before you can set a new password.
    #1
  2. Ads

    Ads

    [Dec 20, 2014]

  3. AlpineCab
    Offline

    AlpineCab Member

    Joined:
    Jan 14, 2013
    Messages:
    31
    Likes Received:
    2
    [May 15, 2014]
    send an email to the webmaster (thinks it's run from germany).

    If the security concerns are that serious (and they might be if you were the owner of an RS model) then you have to weigh that against the advantages...

    What does the site give you anyway? (
    #2

Share This Page