Carte Blanche

Luxury assets and lifestyle website registration via insecure connection

http://carteblanche.je/register-for-rewards/

What is the problem?

People who book jet or yacht charter using this service are invited to register to receive reward points, providing personal and contact info over an insecure connection. While HTTPS encryption is available, it is not the default, and switching to it manually breaks the site layout due to hard-coded http:// links to page assets in the page template.

Disclosure Policy

Prior to public disclosure, notification about any privacy or security issues discovered were sent by email to the operator of this website on 4th August 2018, using either an email address publicly discoverable on the site, or the RFC 2142 standards compliant address "webmaster@..." if no public email address was provided.

At time of posting the issue had not yet been resolved.