EXNESS disclosed a bug submitted by ashwarya: https://hackerone.com/reports/1644436 – Bounty: $1000 [Source]