hi everyone i found a problem with mullvad and account generation this is just theory and a poc but this is opensource so i thought about this since mullvad account only have number why cant account just be brute forced and saved to a list of valid ones and it turns out it might me possible
remediation is hexadecimal accounts not just numbers
Generate Account Numbers Sequentially: Use a tool like seq in Linux or Python to generate numbers in the required 16-digit format.
Test Against Mullvad's API: Use curl or a similar tool to send HTTP requests to the Mullvad endpoint to check if an account number is valid.
Save Valid Accounts: If the API response indicates the account is valid, save the number to a file.
validgen is the final poc
poc: https://github.com/s-b-repo/mullvad-vpn-account-gen