Deep dive into two logic vulnerabilities discovered and reported through Swisscom's Bug Bounty Program. These affected MyCloud Safe, Swisscom's end-to-end encrypted cloud storage solution. This post concludes with some thoughts about finding more complex vulnerabilities.

Securing the Computer Security Course: Discovering a Session Hijacking Vulnerability in EPFL's COM-301 Website

Thomas Houhou

Story and details about a session-related vulnerability found in EPFL's COM-301 homework submission and grading website, which eventually allowed any student to take over another student's account.

Get notified of new posts!

Feel free to sign-up right below to receive an email every time a new post is published :)

Discovering Logic Vulnerabilities in Swisscom's End-to-End Encrypted Cloud Storage for $4,000

Securing the Computer Security Course: Discovering a Session Hijacking Vulnerability in EPFL's COM-301 Website

Get notified of new posts!