How bad is this? (lemmy.world)

On a job application site for my local government it reveals if a specific social security has been used or not on that site. The site is very outdated.

thenumbernine@infosec.pub 9 points 1 week ago

This is CWE-204; there are loads of big companies that don't care about this. Netflix is one of them, where you can enumerate registered users' email addresses from the login screen.

If you want to report this to them you can check if they have a security.txt file at https://domainhere/.well-known/security.txt where they should list the contacts to their security team.
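A parser for the security.txt file that the comment above points to, as an added example that is not part of the thread: it reads the RFC 9116 fields from text you have already fetched, skips an OpenPGP cleartext-signature wrapper, and flags a missing Contact or a past Expires date. The sample file, `example.gov` and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in RFC 9116 format (signature body omitted); not from a real site.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Security contacts (constructed)
Contact: mailto:security@example.gov
Contact: https://example.gov/report
Expires: 2026-06-30T00:00:00Z
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
"""

def parse_security_txt(text):
    """Return {lowercased field name: [values]}, skipping the OpenPGP wrapper."""
    fields, state = {}, "body"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE"):
            state = "armor"      # armor headers (Hash: ...) run to the first blank line
        elif line.startswith("-----BEGIN PGP SIGNATURE"):
            state = "signature"  # nothing from here on is a field
        elif state == "armor":
            state = "armor" if line else "body"
        elif state == "body" and line and not line.startswith("#"):
            name, sep, value = line.partition(":")
            if sep and value.strip():
                fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def review(fields, now):
    """List problems to notice before sending a report to the listed contacts."""
    problems = []
    if not fields.get("contact"):
        problems.append("no Contact field")
    for c in fields.get("contact", []):
        if not c.startswith(("mailto:", "https://", "tel:")):
            problems.append(f"unexpected Contact scheme: {c}")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            if datetime.fromisoformat(expires[0].replace("Z", "+00:00")) <= now:
                problems.append("file expired; contacts may be stale")
        except (ValueError, TypeError):  # malformed, or missing a UTC offset
            problems.append("Expires is not a valid timestamp")
    return problems
```

The parser only separates the signed body from the wrapper; it does not verify the signature.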

this post was submitted on 07 Dec 2025
145 points (97.4% liked)
