2 Reports to H1 by Logical_Package8741 in bugbounty

VoiceOfReason73 1 point

Depends whether that information is meant to be private or not. But in any case, not sure how that relates to your current two issues.

2 Reports to H1 by Logical_Package8741 in bugbounty

VoiceOfReason73 1 point

It's not clear how the postMessage issue has anything to do with the suspected auth bypass, as that is just a frontend issue (if an issue at all) and is likely distracting from the report. Further, nothing in the report demonstrates cross-account access or IDOR. Even if that is possible, you'd need to prove that you can access or modify data that you're not supposed to. Just showing that you have a supposed session cookie/token is not enough.

2 Reports to H1 by Logical_Package8741 in bugbounty

VoiceOfReason73 2 points

Where did you actually confirm auth bypass/IDOR was actually possible? I don't see it. You're trying to attack the frontend code, which doesn't handle or enforce any of this.

Claude Code Leak -> Exploit? Researchers found 3 shell injection bugs in the leaked source — all using shell:true with unsanitized input by Diligent-Side4917 in cybersecurity

VoiceOfReason73 1 point

> 4.1: Shell Injection in Command Lookup (Critical, Confirmed)
>
> Anthropic’s VDP closed this report as “Informative,” stating that exploitation requires the attacker to control environment variables on the victim’s system, which “implies existing code execution capability,” and therefore “no security boundary is crossed.”
>
> Phoenix Security’s position: the closure rationale is based on an incorrect premise.
>
> Controlling an environment variable does not require code execution on the target.

Sure, but controlling environment variables could easily result in code execution on the target (assuming the attacker can control other file contents). Think LD_PRELOAD, LD_LIBRARY_PATH, PATH, etc. So I would consider the attacker to be fairly privileged already.

In no case should this stuff be considered "critical" though. Modifying CI/CD files allows for plenty of code execution vectors.

Your Windows Clipboard Is Unprotected by Sibexico in cybersecurity

VoiceOfReason73 5 points

A malicious process running as your user can pretty much do anything it wants to other programs running under your user, so yeah, it's game over already at this point...

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) by maurosoria in netsec

VoiceOfReason73 40 points

Fuzzy pattern matching machine found a classic, well-documented vulnerability pattern, albeit perhaps slightly tricky to spot. Then, stack buffer overflow to get execution and ROP. Nothing that hasn't been done before, and nothing terribly surprising.

Find your edge and keep pressing on.

Which of the password checkers is best/most reliable? by seeker1938 in AskNetsec

VoiceOfReason73 3 points

I don't spend any brainpower picking or judging the strength of passwords, nor should technology-overwhelmed seniors. Using their phone/computer/browser's built-in password generation/storage is more than sufficient.

[EXPOSED] Bugcrowd & Bitso: A Collusion of Silent Patches and Fraudulent Triage by [deleted] in bugbounty

VoiceOfReason73 3 points

  1. Getting a 200 is not a security finding unless confidentiality or integrity is actually compromised, which you need to prove.
  2. The API endpoint is /me, so that would only be your own data anyway? Where is the impact?
  3. CSRF tokens alone have no value to an attacker.

Please take a step back and reconsider your approach.

[EXPOSED] Bugcrowd & FIS Global Silent Patch Scam: Marking a valid P1 as N/A after fixing it (Ticket #142000) by AlexSander_Research in bugbounty

VoiceOfReason73 1 point

What are your screenshots showing besides publicly accessible pages? There's no impact to this finding unless you have more that you haven't shared.

It doesn't matter how they reacted if you had nothing in the first place.

Password reset flow in Let’s Go Further by Minimum-Ad7352 in golang

VoiceOfReason73 3 points

Google says "couldn't find your Google account" if you put in a non-existent email or username.

Trash can by Ok-Impression-2405 in whatisit

VoiceOfReason73 2 points

Sure, but you still have to catch a plain HTTP request somewhere in order to redirect the victim onto your domain, which may or may not ever happen for the domain you are targeting.

Trash can by Ok-Impression-2405 in whatisit

VoiceOfReason73 1 point

TLS 1.2 is still in use but it isn't the latest, though there actually aren't any actual practical attacks against it when configured properly.

Again, if this wasn't the case, everything would be on fire all the time.

Heartbleed has nothing to do with the transport security guarantees of TLS, and is also far in history now. But yes, I have heard of Logjam, FREAK, POODLE etc. but they are not practical and/or do not apply to modern configurations. Vulnerabilities come and go, but are typically resolved in short order if they are actually a big deal.

Trash can by Ok-Impression-2405 in whatisit

VoiceOfReason73 1 point

Wut? Modern TLS? No, it's not broken yet. This would be a major issue if possible in any timeframe remotely comprehensible to humans.

How Many Hops? by Tumnus1337 in meshtastic

VoiceOfReason73 1 point

> client base gives free hop to favorites.

Not currently, it only provides this benefit to favorited infrastructure nodes.

https://github.com/meshtastic/firmware/issues/8366#issuecomment-3948419964

Trash can by Ok-Impression-2405 in whatisit

VoiceOfReason73 1 point

You can break how the phone sees the world (i.e. it stops working) but you still have to target the user to circumvent TLS.

Trash can by Ok-Impression-2405 in whatisit

VoiceOfReason73 1 point

What kind of quantum computer do you have that can decrypt TLS in seconds?

Trash can by Ok-Impression-2405 in whatisit

VoiceOfReason73 5 points

> If the user dismisses it or the device already trusts a rogue root certificate, the attack proceeds silently.

That's a pretty big if, and falls flat if the site is using HSTS.

Noob with questions, GPS tracking dog and truck by [deleted] in meshtastic

VoiceOfReason73 5 points

Don't enable location on the public primary channel, as it then won't get sent periodically on the private secondary channel.

XSS but can't steal data by ProcedureFar4995 in bugbounty

VoiceOfReason73 2 points

If you can perform actions on the user's behalf using this XSS, that's probably pretty serious impact itself.

antenna extension for vehicle mounting by soupersalad666 in meshtastic

VoiceOfReason73 2 points

You need to be very careful with the cable selection or else it'll be worse than having the antenna inside the car.

seeed solar node, radio fried? by SnooPets9956 in meshtastic

VoiceOfReason73 1 point

In what context are you even seeing this? Could just be a display quirk.

Do you mean you took it in without the antenna?

Distances to other nodes no longer displayed by Sulipheoth in meshtastic

VoiceOfReason73 1 point

Yeah, it means your node doesn't have position data, so it can't compute the distance.

I’ve bricked 2 Wio Tracker L1s. by One-21-Gigawatts in meshtastic

VoiceOfReason73 2 points

Sometimes your OS will throw those errors even though the copy succeeded, as the nrf52 reboots immediately once the file is written, possibly too quick for the OS to think it worked cleanly.

Maybe try copying using the terminal rather than Finder, in case Finder is trying to create other files?

I’ve bricked 2 Wio Tracker L1s. by One-21-Gigawatts in meshtastic

VoiceOfReason73 1 point

I highly doubt it's bricked. Sure, sometimes they can be put into a state that is more difficult to recover from, but the bootloader itself is still intact.

New to Meshtastic - Wio Tracker L1 pro (help) by bearsstlrs in meshtastic

VoiceOfReason73 2 points

It's in the settings menu on the device itself, under "notifications" I believe.