Skip to content
This repository has been archived by the owner on Oct 21, 2022. It is now read-only.

Issues: edubadges/audit

24 Open 16 Closed
24 Open 16 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Enumeration of registered email addresses via user profile API bug-infoleak risk-moderate Security issues with a moderate impact
#38 opened Jun 18, 2018 by sveeke Pilot 2018
2
Timing-side channel in API helps testing if an email address is registered bug-infoleak risk-moderate Security issues with a moderate impact
#29 opened Jun 18, 2018 by sveeke Pilot 2018
Upload files with arbitrary extensions to publicly accessible URL bug-file-upload risk-high Security issues with a high impact
#27 opened Jun 18, 2018 by sveeke Pilot 2018
1
Hardcoded Unsubscribe token in settings.py bug-infoleak risk-moderate Security issues with a moderate impact
#25 opened Jun 18, 2018 by sveeke Pilot 2018
3
Use any e-mail-address as the issuers address. bug-functionality Abuse of functionality risk-low Security issues with a low impact
#24 opened Jun 18, 2018 by sveeke
4
Frameable response (potential Clickjacking) bug-infrastructure Bugs inside SURFnet's infrastructure risk-moderate Security issues with a moderate impact
#23 opened Jun 18, 2018 by sveeke Pilot 2018
1
SSL Medium and RC4 Ciphers supported bug-infrastructure Bugs inside SURFnet's infrastructure risk-moderate Security issues with a moderate impact
#22 opened Jun 18, 2018 by sveeke Pilot 2018
1
Authentication Token In URL bug-infoleak risk-moderate Security issues with a moderate impact
#19 opened Jun 18, 2018 by sveeke Pilot 2018
2
SSH Server Publicly Accessible bug-infrastructure Bugs inside SURFnet's infrastructure risk-low Security issues with a low impact
#18 opened Jun 18, 2018 by sveeke Pilot 2018
@sveeke
2
No rate limiting on resend verification mail. bug-security risk-moderate Security issues with a moderate impact
#17 opened Jun 18, 2018 by sveeke Pilot 2018
1
Improve Input Validation and output Sanitization. bug-security risk-low Security issues with a low impact
#16 opened Jun 18, 2018 by sveeke Pilot 2018
Cipher Order Determined by Client bug-infrastructure Bugs inside SURFnet's infrastructure risk-low Security issues with a low impact
#15 opened Jun 18, 2018 by sveeke Pilot 2018
@sveeke
2
Insecure API Session Management bug-security risk-elevated Security issues with a elevated impact
#14 opened Jun 18, 2018 by sveeke Pilot 2018
2
Json Parser Errors shown on screen. bug-security risk-low Security issues with a low impact
#13 opened Jun 18, 2018 by sveeke Pilot 2018
1
Web Browser XSS Protection Not Enabled bug-infrastructure Bugs inside SURFnet's infrastructure risk-low Security issues with a low impact
#12 opened Jun 18, 2018 by sveeke Pilot 2018
@sveeke
1
Insecure Password Policy bug-security risk-elevated Security issues with a elevated impact
#11 opened Jun 18, 2018 by sveeke Pilot 2018
1
The provider parameter does not use the proper error control bug-infoleak risk-low Security issues with a low impact
#10 opened Jun 18, 2018 by sveeke Pilot 2018
1
Host header poisoning bug-security risk-low Security issues with a low impact
#9 opened Jun 18, 2018 by sveeke Pilot 2018
1
User Enumeration using the issuer manage staff functionality bug-infoleak risk-low Security issues with a low impact
#8 opened Jun 18, 2018 by sveeke Pilot 2018
1
The "name" parameter of the award a badge functionality lacks any input validation bug-security risk-low Security issues with a low impact
#5 opened Jun 18, 2018 by sveeke Pilot 2018
3
Outdated Nginx webservers installed bug-outdated risk-low Security issues with a low impact
#4 opened Jun 18, 2018 by sveeke Pilot 2018
1
No Bruteforce Protection on Account Login bug-security risk-moderate Security issues with a moderate impact
#3 opened Jun 18, 2018 by sveeke Pilot 2018
4
Missing HTTP Strict-Transport-Security Headers bug-infrastructure Bugs inside SURFnet's infrastructure risk-low Security issues with a low impact
#2 opened Jun 18, 2018 by sveeke Pilot 2018
@sveeke
2
SSH Server on surf-dev2.edubadges.nl has CBC Mode Ciphers Enabled bug-infrastructure Bugs inside SURFnet's infrastructure risk-low Security issues with a low impact
#1 opened Jun 18, 2018 by sveeke Pilot 2018
@sveeke
1
ProTip! Updated in the last three days: updated:>2025-01-01.