An IDOR that can lead to enumeration of a user and disclosure of email and phone number within cashier
Severity
High
Program
Unikrn
Team Summary
Official summary from Unikrn
As an attacker, it was possible to exploit an IDOR on https://cashier.unikrn.com. Huge thanks to Miquinho for spotting that vulnerability on https://cashier.unikrn.com. It was during the https://cashier.unikrn.com/cashier/transaction-history session handshake that we found out you could actually get access to another customer's data. Miquinho, the initial report was hard for our security team to reproduce, but you really helped to reproduce the issue. Thank you!
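The summary above describes the weakness class only in outline: a transaction-history lookup keyed by a client-supplied account reference, with no check that the reference belongs to the logged-in user. The following is an added illustration of that pattern and its fix, not Unikrn's code and not the reporter's exploit; the cashier's real handler, data model, account ids, response shape and sample values are all assumed.

```python
"""Added example illustrating the weakness class in this report (IDOR on a
transaction-history lookup). This is not Unikrn's code: the cashier's real
handler, data model, account ids and sample values below are all assumed."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Account:
    account_id: int
    email: str
    phone: str


@dataclass(frozen=True)
class Transaction:
    account_id: int
    amount: str
    note: str


# Constructed sample data standing in for the cashier's database.
ACCOUNTS: Dict[int, Account] = {
    1001: Account(1001, "alice@example.com", "+1-555-0100"),
    1002: Account(1002, "bob@example.com", "+1-555-0101"),
}
TRANSACTIONS: List[Transaction] = [
    Transaction(1001, "50.00", "deposit"),
    Transaction(1002, "20.00", "withdrawal"),
]


def _render(account: Account) -> dict:
    """Response body for a transaction-history page (assumed shape)."""
    return {
        "status": 200,
        "email": account.email,
        "phone": account.phone,
        "transactions": [
            t.note for t in TRANSACTIONS if t.account_id == account.account_id
        ],
    }


def transaction_history_vulnerable(session_user_id: int, requested_account_id: int) -> dict:
    """Vulnerable pattern: the id comes from the request and is used directly.

    Any authenticated session can read any account, and the 200/404 split
    doubles as an oracle for which account ids exist (the enumeration the
    report title refers to). session_user_id is never consulted."""
    account = ACCOUNTS.get(requested_account_id)
    if account is None:
        return {"status": 404}
    return _render(account)


def transaction_history_fixed(session_user_id: int, requested_account_id: int) -> dict:
    """Hardened pattern: the object must belong to the authenticated user.

    A foreign id and a nonexistent id get the identical response, so the
    endpoint neither leaks data nor confirms that other ids exist."""
    account = ACCOUNTS.get(requested_account_id)
    if account is None or account.account_id != session_user_id:
        return {"status": 404}
    return _render(account)


def probe(handler: Callable[[int, int], dict], session_user_id: int,
          candidate_ids: List[int]) -> Dict[int, int]:
    """Simulate an attacker walking candidate ids from one session and
    recording the status code returned for each id."""
    return {i: handler(session_user_id, i)["status"] for i in candidate_ids}


if __name__ == "__main__":
    ids = [1000, 1001, 1002, 1003]
    # From Alice's session (1001): the vulnerable handler returns 200 for Bob
    # and 404 for unused ids; the fixed handler returns 200 only for Alice.
    print("vulnerable:", probe(transaction_history_vulnerable, 1001, ids))
    print("fixed:     ", probe(transaction_history_fixed, 1001, ids))
```

Two design points: the ownership check compares against the identity carried by the session, never against anything the client sent, and the rejection path returns the same status for "not yours" and "does not exist" so that the endpoint cannot be walked to discover valid account ids. Where each user owns exactly one cashier account, the simpler fix is to drop the request parameter altogether and look the account up from the session.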
Reported by
miquinho
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$3000.00
Weakness
Insecure Direct Object Reference (IDOR)