Post B1iS08CzKxvmt9WIy0 by SecureOwl@infosec.exchange
 (DIR) Post #B1iS01of6UuJ3y5nDU by SecureOwl@infosec.exchange
       2025-07-23T00:13:52Z
       
       0 likes, 0 repeats
       
       Have some more testing to do to 100% confirm it, but I am pretty sure I have accidentally stumbled across a stupidly devastating security/privacy bug in one of the most commonly used enterprise SaaS products on the market. If my remaining tests play out as I’m expecting, it’d be a stalkers / identity thief’s dream.
       
 (DIR) Post #B1iS03MNMdT9qosEPA by SecureOwl@infosec.exchange
       2025-07-25T00:23:38Z
       
       0 likes, 0 repeats
       
       Confirmed this today and reported it. Essentially, the vulnerability in the tool is that *in a specific circumstance* - which is that the person has an existing account in the product from a previous employer (which many people do, since it's so widely used) - all you need is their personal email address. With that address, without any further interaction from the victim, the tool will give you their:
       
       - date of birth
       - SSN
       - last known street address
       - phone number
       
 (DIR) Post #B1iS04UZ9fcBMViHoG by SecureOwl@infosec.exchange
       2025-07-25T00:24:42Z
       
       0 likes, 0 repeats
       
       Oh and any banking info on file
       
 (DIR) Post #B1iS05Kg1vIZy85u2C by SecureOwl@infosec.exchange
       2025-07-26T02:02:53Z
       
       0 likes, 0 repeats
       
       Good response from the vendor security team on this, got a reply in less than 12 hours, treating it as a valid critical bug.
       
 (DIR) Post #B1iS06Oc4m2dGcwYoC by SecureOwl@infosec.exchange
       2025-08-23T16:43:17Z
       
       0 likes, 0 repeats
       
       Since it’s been a month, a quick update on this one: the confirmed “valid critical bug” that was acknowledged by this vendor within 12 hours is still present, still exposing all the things….
       
 (DIR) Post #B1iS07LoWfOeEEdq5I by SecureOwl@infosec.exchange
       2025-12-28T18:22:09Z
       
       1 likes, 0 repeats
       
       It’s been 5 months now. I submitted this issue through a managed bug bounty program. The vendor acknowledged it pretty quickly (within 12 hours), but I’ve had little info since then. It sits open in the queue. The labels “P1”, “Critical” and “Unresolved” adorn the bug bounty tracker UI. The company that manages the bug bounty has been unable to get them to respond.
       
       A reminder that if you are going to do a bug bounty, you should do it properly.
       
 (DIR) Post #B1iS08CzKxvmt9WIy0 by SecureOwl@infosec.exchange
       2025-07-23T00:35:00Z
       
       0 likes, 0 repeats
       
       It’s in a category of vulnerabilities that I like to call “well intentioned, but stupid” - and yes, that deserves to be a category. The good intention is that it is caused by exposing information in a user-facing audit log, to allow you to better track when a change is made and by whom. The stupid part is, when you have an audit log in a multi-tenant environment, and a user can be part of many tenants… well, you need to be selective about the events your audit log displays. This is especially true when you can add anyone to your tenant by something as easy to obtain as an email address…
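A minimal illustration of the tenant-scoping mistake this post describes, added here as an example and not code from the poster or the vendor: the product, field names, tenant names and audit records are all constructed. The flawed query filters audit events by subject only, so any tenant that has added the user's email sees that user's history from every other tenant; the hardened version scopes to the viewing tenant first and redacts the values of sensitive fields, since an audit entry needs to record that a field changed and who changed it, not the new value.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditEvent:
    tenant_id: str       # tenant in which the change was made
    actor: str           # who made the change
    subject_email: str   # whose record was changed
    field_name: str      # which field was changed
    new_value: str       # value written (may be PII)

# Field names whose values must never be shown in a user-facing audit log.
SENSITIVE_FIELDS = {"ssn", "date_of_birth", "street_address", "phone", "bank_account"}

# Constructed sample: one person with accounts in two tenants (an old
# employer "acme-corp" and a new tenant "newco" that only knows her email).
EVENTS = [
    AuditEvent("acme-corp", "hr@acme.example", "jane@personal.example", "ssn", "123-45-6789"),
    AuditEvent("acme-corp", "hr@acme.example", "jane@personal.example", "street_address", "1 Old St"),
    AuditEvent("newco", "admin@newco.example", "jane@personal.example", "display_name", "Jane D."),
]

def audit_log_vulnerable(viewer_tenant, subject_email, events=EVENTS):
    """Flawed: ignores the viewer's tenant, so membership anywhere reveals everything."""
    return [e for e in events if e.subject_email == subject_email]

def audit_log_hardened(viewer_tenant, subject_email, events=EVENTS):
    """Scope to the viewer's tenant, then redact sensitive values."""
    out = []
    for e in events:
        if e.tenant_id != viewer_tenant or e.subject_email != subject_email:
            continue
        value = "[redacted]" if e.field_name in SENSITIVE_FIELDS else e.new_value
        out.append(AuditEvent(e.tenant_id, e.actor, e.subject_email, e.field_name, value))
    return out

def cross_tenant_leak(viewer_tenant, results):
    """Regression check: the set of foreign tenants whose events reached the viewer."""
    return {e.tenant_id for e in results if e.tenant_id != viewer_tenant}

if __name__ == "__main__":
    who = "jane@personal.example"
    print("vulnerable leaks from:", cross_tenant_leak("newco", audit_log_vulnerable("newco", who)))
    print("hardened leaks from:  ", cross_tenant_leak("newco", audit_log_hardened("newco", who)))
```

The `cross_tenant_leak` check is the kind of assertion worth running in a multi-tenant product's test suite for every tenant-visible view, not just the audit log.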