Out of Scope Vulnerabilities
Reports of the vulnerabilities below will be marked NA or Informative.
- Logout CSRF
- Session Fixation (We use session cookies and we like them http://bit.ly/2tw19Gd )
- Insufficient Session Expiration
- Weak Password Policy (See http://bit.ly/2uFjwXt )
- Password Reuse (We allow any password, even passwords used previously)
- CSRF Cookie Without 'HttpOnly' Flag
- BEAST Attack (Fixed in browsers, not server)
- Username Enumeration
- Software version disclosure
- Denial of service
- Social engineering
Please consolidate the same vulnerability reports when only the
The program was crawled by Firebounty on 2017-06-29 and updated on 2019-08-06; 194 reports have been received so far.