On a job application site for my local government, it reveals if a specific social security number has been used or not on that site. The site is very outdated.

  • thenumbernine@infosec.pub
    6 hours ago

    This is CWE-204; there are loads of big companies that don’t care about this. Netflix is one of them, where you can enumerate registered users’ email addresses from the login screen.

    If you want to report this to them you can check if they have a security.txt file at https://domainhere/.well-known/security.txt where they should list the contacts to their security team.
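As an added example (not part of the thread and not any real site's code): the CWE-204 login pattern the comment describes, shown as a leaky handler beside a uniform-response one, with a regression check a site owner can run against either. The account, function names and messages are constructed for illustration.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account store: email -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice@example.org": (_SALT, _hash("correct horse", _SALT))}

# Random salt/hash checked when the address is unknown, so both paths do the same work.
_DUMMY = (os.urandom(16), os.urandom(32))


def login_leaky(email: str, password: str) -> tuple[int, str]:
    """CWE-204: status code and message reveal whether the address is registered."""
    if email not in USERS:
        return 404, "No account with that email address."
    salt, stored = USERS[email]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, "Incorrect password."
    return 200, "Welcome."


def login_uniform(email: str, password: str) -> tuple[int, str]:
    """Every failed login gets the same status and body, registered or not."""
    salt, stored = USERS.get(email, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if matches and email in USERS:
        return 200, "Welcome."
    return 401, "Invalid email or password."


def discloses_existence(login, known: str, unknown: str) -> bool:
    """Regression check: True if a failed login differs between a registered
    and an unregistered address (status code or body)."""
    return login(known, "wrong-password") != login(unknown, "wrong-password")


if __name__ == "__main__":
    for handler in (login_leaky, login_uniform):
        leaks = discloses_existence(handler, "alice@example.org", "nobody@example.org")
        print(f"{handler.__name__}: discloses account existence = {leaks}")
```

The same comparison applies to registration and password-reset forms, which need the same uniform response to close the discrepancy.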