[HN Gopher] '123456' password exposed chats for 64M McDonald's j...
       ___________________________________________________________________
        
       '123456' password exposed chats for 64M McDonald's job applicants
        
       Author : nan60
       Score  : 16 points
       Date   : 2025-07-11 21:48 UTC (1 hours ago)
        
 (HTM) web link (www.bleepingcomputer.com)
 (TXT) w3m dump (www.bleepingcomputer.com)
        
       | deafpolygon wrote:
       | Incredible! That's the combination to my matched luggage!
        
       | bsuvc wrote:
       | It sounds like there were two separate problems:
       | 
       | The first was that 123456 was the credentials for the admin
       | panel.
       | 
       | The second was an insecure direct object reference, where the
       | lead_id querystring parameter can be changed on an API call to
       | retrieve another applicant's data.
        
       ___________________________________________________________________
       (page generated 2025-07-11 23:00 UTC)