Below you will find pages that utilize the taxonomy term “Coordinated Disclosure”
Blog
CSN Follow-Up: Another CAPTCHA Problem Hidden In Plain Sight
This is a follow-up to the previous post, Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN), where I describe some vulnerabilities discovered in August 2020 and the response from CSN. It seems I missed another problem with the CAPTCHA, though. And it was right in front of my eyes…
Blog
Brute-Forcing Borrowers' PINs at the Swedish Board of Student Finance (CSN)
The Swedish Board of Student Finance CSN is the government agency that manages Swedish student finance, i.e. grants and loans for studies. They also manage driving licence loans and home equipment loans. (Source)
This is the story of when I found two security vulnerabilities in their login functionality and reported them to them.