Critical Unauthenticated Access to Sensitive Employee and Customer Data Including Invoice Details at ████
Team Summary
Official summary from Mars
Summary: During a reconnaissance phase, a directory named 'SSO' was discovered on the website ████████. Upon accessing this directory, it redirected to ██████████, where sensitive employee and customer data, including usernames, emails, purchase history, payment history, bills, phone numbers, customer numbers, credit card numbers, and invoice details, were found to be accessible without requiring any authentication. Additionally, the system logged the user in automatically without the need for authentication. Notably, the vulnerability is associated with the redirection from the 'SSO' directory to '██████████'.
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted:
Weakness: Improper Authentication - Generic