3 matches found
Snapchat: Password reset tokens sent to CSP reporting endpoints
Description: It has been identified that the application is leaking referrer token to third party sites. In this case it was found that the password reset token is being leaked to third party sites which is a issue knowing the fact that it can allow any malicious users to use the token and reset...
in follow-redirects/follow-redirects
BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...
Hiro: Blockstack Browser For Mac leaks "Core API Password" to 3rd parties
Hi Blockstack! 😃 I noticed that BlockStack Browser for Mac version is leaking the CoreAPIPassword via Referer Header to several websites: appco.imgix.net a third party site! F471236 api.app.co seems to have some blockstack affiliation? F471235 browser-api.blockstack.org F471237 Steps to Reproduce...