On a job application site for my local government it reveals if a specific social security has been used or not on that site. The site is very outdated.
You must log in or # to comment.
“secret question”
yup, that looks about 20y out of date
When uploading my resume there was a little animation of a globe spinning.
This is CWE-204, there are loads of big companies that don’t care about this. Netflix is one of them where you can enumerate registered users email addresses from the login screen.
If you want to report this to them you can check if they have a security.txt file at https://domainhere/.well-known/security.txt where they should list the contacts to their security team.
deleted by creator
deleted by creator
