Visma Public: HTTP Request Smuggling at app.workbox.dk

The researcher was able to find a HTTP request CL.TE smuggling vulnerability at app.workbox.dk. The likely consequences would have result in interfering with normal user traffic, leak 'Session Cookies, leak PII info...

Visma Public: Session replay vulnerability in app.workbox.dk domain

The researcher found that sessions don't expire when users logs out of their account. This means that if the session cookie and it's value is known, an attacker can impersonate the owner of the account...