ApathyTree@lemmy.dbzer0.com
on 28 Jan 2024 19:03
Well if that isn’t a great way to ensure nobody comes forward when they find major vulnerabilities, idk what is.
Hope he wins the appeal.
Funkymatt@lemmy.world
on 28 Jan 2024 19:38
It looks like the charges are from using the credentials they found, not just for finding them. It’s definitely a crap charge because logging into the DB exposed the wider issue of being able to access other customers’ records.
xinayder@infosec.pub
on 29 Jan 2024 15:44
The only thing I see they did wrong was to disclose the vulnerability before waiting for a comment from the software company.