GSA Bounty: Stealing Users' OAuth Tokens through redirect_uri parameter
I found that https://login.fr.cloud.gov/oauth/authorize has an open redirect vulnerability in the OAuth redirect_uri parameter, which can lead to users' OAuth tokens being leaked to any malicious user. Step 1: Clicked on link...
GSA Bounty: Email Spoofing - SPF record set to Neutral
Hi, Introduction: There is an email spoofing vulnerability. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more...
GSA Bounty: federalist.18f.gov vulnerable to Sweet32 attack
The researcher noted that federalist.18f.gov allows use of the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher, which is now marked as "weak" in SSL Labs because of the risk of MitM attacks given this vulnerability: https://sweet32.info/, which requires monitoring of a long-lived HTTPS connection. We inherit this...