Nice chain and write-up. I don't know that I would call eval() on user input, hard-coded secrets, and leaked credentials small or harmless. All of those are scary on their own.
Yeah...and the fact that they evidently had no responsible disclosure process and ghosted the reporter...for a security product?!
Big yikes.