[python-events] To Report A Critical Vulnerability On python.org
Ashish Patel
patel.ashish874 at gmail.com
Sat Mar 28 14:59:15 CET 2015
Greetings,
My Name is Ashish Patel. I am a young security researcher
from India, while
surfing your website i have found a very serious
vulnerability known as User Enumeration and Guessable User Account &
bruteforce
that can lead your users data and
reputation attacks
if found by any malicious attacker.
So being a young reputed security researcher from India
its my duty to report this vulnerability to you.
reference about this ==>
https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_%28OWASP-AT-002%29
link==>https://www.python.org/accounts/password/reset/
HERE is the POC video (proof of concept )of this vulnerability:?
-------------------------------------------------------------------------------
==>
https://drive.google.com/file/d/0B8TWgFm5L9GELVhVc2xBc21qRFE/view?usp=sharing
-------------------------------------------------------------------------------
I hope you will make the best use of the report and patch
the vulnerability in no time. For any further assistance feel
free to revert.
I will be happy to assist your team if you
need my
assistance.
Waiting for the acceptance of a suitable* remedy* for
reporting the
vulnerability.
thanks to all...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-events/attachments/20150328/c8c6132c/attachment.html>
More information about the python-events
mailing list