The triager neho just closed one report of mine with a flaw that leaks 190k+ Swedish security numbers as DUPLICATE.
​
BUT THE FLAW IS FROM THE SITE UPDATE FROM 08/06 and there was no report before mine since this.
​
Wtf is going on? are they broke?
Hello good friends.
Intigriti now have pré triage state? how does it works?
Hello, i new.
Question and curiosity: why does brute force is always forbiden?
It is question. Brute force is useful some cases.
I had report flaged as out of scope proven Ato using hard brute force on weak auth on program.
I know it was going to be out of scope, but if i would robbery their site is still valid cenário. No rate limit with 130 paralell workers bypassing captcha to get ATO no click in 4 digit case.
Reported anyway. Big site and Ato there could lead to integrate login. Conpany now knows. Low pay, did for free.
I wonder. Do the company knows we use this to steal when they mark brute force as out of scope? Real crime does not care