Why would publishing read-only HAProxy statistics page be considered a security vulnerability?

It seems that some HackerOne reports such as https://hackerone.com/reports/1884372 claim that having HAProxy statistics page visible to the world is a security vulnerability.
Since HAProxy default stats enable configuration is always read-…

What does the IMAP banner alone show regarding security (STARTTLS, hashing, information disclosure)?

I encountered an open TCP/143 IMAP port which responded with this banner:
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.

From this I …

I have found my email online in a .txt file. What should be my next steps? [closed]

A few days ago someone tried to log into my bank account; the attempt was unsuccessful, but it was quite concerning. I’ve spent the past weekend moving my most important accounts to alternate emails and setting up TFA everywhere. I plan to …

Is having hard-coded API keys such as the SafetyNet API key considered a vulnerability?

I have a scenario where the developers are using SafetyNet API to protect their Android apps. I observed that the SafetyNet API key has been hard-coded within the apk file. This is the first time I came across this behaviour.
Is this expos…

Would an attacker want the PII (personal information) of a deceased natural person?

One of my close relatives recently passed away. They had a large digital footprint, and their data was leaked and distributed on the internet. Unfortunately, the websites that store that information keep giving glib responses to requests fo…

I gave my first name and alt email to someone I don’t know, will that reveal who I am?

So, I wanted to get this game (to try it as it had no demo), so I went to a website, did not click on anything except the link to the Google Drive folder, and then stupidly requested access to a Google Drive folder using my alt Google acco…