In 2020 a rash of anti-zoom propaganda that I'm almost certain was driven by Microsoft led to a company-wide prohibition on using anything other than Teams "for security reasons" where I worked.
This was, I am almost certain, inspired by Microsoft corporate sales getting their hooks into management.
This was largely because of news stories like "end to end encryption doesn't really work as advertised" and "if you leave a room password unprotected bad people will enter". The level of press coverage was off the scale compared to what Teams got for far worse issues.
> a rash of anti-zoom propaganda that I'm almost certain was driven by Microsoft
Zoom had and continues to have a significant developer presence in China. Those individuals are subject to CCP coercion. There was also a time when they routed American calls through the mainland [1]. That has been fixed. But it remains excessive to cast all past criticism of Zoom as Microsoft's work.
> In 2020 a rash of anti-zoom propaganda that I'm almost certain was driven by Microsoft led to a company-wide prohibition on using anything other than Teams "for security reasons" where I worked.
It was not propaganda. There was no privacy protection. I work for a K-12 and there was literally no way to configure Zoom such that it wasn't a massive FERPA violation waiting to happen. There was originally no way to gatekeep entrants to a virtual Zoom classroom. It even earned its own term: Zoombombing [0]. It was completely unsuitable for use. It's like it was designed for the Internet of the 1990s.
The only way we figure that so many districts were using it was:
1. It was free when basically nothing else was.
2. There was no time to evaluate alternatives when the pandemic started.
3. They were hoping nobody was looking too closely.
4. They didn't properly evaluate Zoom or they just didn't tell anyone how Zoom didn't ensure privacy.
The security issues like end-to-end encryption not actually being end-to-end encryption (unless you consider the man in the middle to be two ends, forwarding messages between the other two ends) were not propaganda - they really existed. It isn't even propaganda to say Zoom published very questionable statements (or if I allow myself to be slightly less charitable: the occasional outright lie) about those issues, because it is demonstrably true that this happened.
> that I'm almost certain was driven by Microsoft
You might need to present some evidence for that rather bold claim.
> [comparison with past MS security issues]
Teams is far from perfect, I am not a fan of it at all, and that security issue was real too IIRC, but you are using some very selective reasoning bringing it up at the same time as downplaying the serious flaws present in Zoom in the same period.
Honestly I fail to understand why Zoom seems to have so many fans. I find the UI confusing, on my Linux machine having a call with video will lead to the CPU cooler going into overdrive, I often have to leave and re-enter calls because audio output isn't working, etc. etc.
Um, just think of what you're suggesting. At MS some department (marketing, sales, product managers, devs?) somehow coordinated a bunch of press leaks (not sure how these were even determined to be 'leaks'), made sure that media outlets collectively believed that they were problematic, and then used those leaks to influence sales?
It's a stretch to attribute to malice what can be attributable to other environmental factors. Could it be that Zoom was/is the dominant player in the video conferencing space in 2020/2021, so media outlets were keen to cover stories around Zoom? WebEx and Google Hangouts vulnerabilities have also not received as much coverage as Zoom.
At least in Germany the most common reason not to use Zoom has been privacy and data protection, not so much security. Haven't heard the security reason yet.
As an anecdote I know of a certain top-100 company that ditched their in-house competitor to Teams because MS made them a sweeter O365 deal. For a time management forced them to use Teams even though they were still developing AND licensing the in-house competitor to other companies.
MS is really aggressive with Teams marketing (specially for large bureaucratic enterprise) and I could totally see them doing what you mention.
What I know is that almost every company I have to deal with uses Office 365, so they use Teams, and almost every school in my area uses Google Suite (BigG got quite good at being the new Microsoft), so they use Google Meet.
Almost no one uses Zoom anymore simply because it's not integrated with anything.
It’s because Zoom was a joke from a security perspective, and the Chinese angle was a bad look, too. I use Zoom only via the browser. It doesn’t solve the potential spy problem, but it does solve the “not installing malware on my machine” problem.
The idea that it was MS Teams’s sales team behind the anti Zoom “propaganda” (let’s accept that it was propaganda for now) doesn’t make much sense because it was never obvious that MS would be the beneficiary of people moving away from Zoom.
Teams was half baked at best, and lacked a vast majority of the features that made Zoom useful. For example, it was only well into the pandemic that Teams gained the ability to have virtual backgrounds. You couldn’t have meetings with more than 10 or so people until very recently. Pretty much none of the features that made Zoom popular were even possible on Teams.
The real beneficiary should have been Google Hangouts, but Google moved too slowly (actually, it would probably be more accurate to say that Google didn’t move at all…or if they did they moved backwards).
Zoom put a backdoor (like, a full web server) in their Mac version and didn't even remove it when outed until Apple pushed an update that killed it for them. Which was a big unprecedented step.
Mistakes happen. Total lack of action when it happens shows at the very least a total disinterest. They definitely did lack a focus on security and privacy at that time.
I agree Microsoft is pretty aggressive and teams is a pig of an app in my opinion (slow and bloated) but zoom really dug their own grave too IMO.
For what it's worth I find Jitsi delightful and super performant. I use teams a lot with work and Jitsi with our makerspace and it's just so much better at the video conferencing role.
To be fair, Zoom had some issues even before it came to the spotlight. At one point when you installed the desktop client it also installed a hidden webserver for some reason. [0]
It wasn't propaganda, Zoom was about as insecure as they come. Teams is a pile of junk as well. The only one that seems to work reasonably well is Google 'Meet', and that's super frustrating because this was a solved problem in ... 1995.
I work with several large organisations, all using Teams.
In every instance, the previous solution (Slack/Zoom/Discord) was replaced by Teams following higher management making the switch for reasons like "it's included in Office 365" or a new hire influencing the migration to Microsoft solutions.
In every instance, the application was/is not well received by the employees - it's slow, buggy, crazy complicated and generally doesn't feel "right".
Microsoft is good at channeling security topics for their PR, but at the end of the day they make software, just like everybody else (and this software is subject to bugs, just like everybody else).
It's really disappointing that the vulnerabilities have not yet been addressed...
Anecdotally (as a counterpoint), we also went with teams, and it’s been… fine. There are bugs, but they’re mostly in the category of “irritating” rather than “massively disruptive”. It’s nice that teams is integrated with the rest of Microsoft’s 365 and outlook stuff, and service uptime has been good enough. From my POV, the differences vs Slack have been pretty minor (although I recognize that my experience isn’t universal).
That said, yeah, leaving vulns and/or the irritating bugs open for as long as they have is silly.
One in this temperament: try accidentally pasting a very large amount of data in the chatbox in Teams. Then spend the next 40 minutes re-starting Teams to try to remove the data from said box while your laptop tries to fly away and Teams keeps many processors and gigs of memory lit trying to parse your data.
Microsoft should (but won't) reconsider the idea that one chatbox to rule many underlying types of software is a good idea.
MS Teams is the worst software I've ever used. This is not hyperbole. A room full of monkeys on a typewriter would never create something as bad as teams.
> We reported the issues to Microsoft in March 2021, who has only remediated one so far
I feel that I read something like this almost every single time Microsoft is mentioned in a vulnerability disclosure. What makes the company so bad at dealing with security reports? I don't expect it to be a lack of talents or resources, or is it?
Teams has a bunch of anti-features that I have to click off, including this one.
The micro updates also tend to break something. For example a November patch broke list in chat, a further one broke list in general. I have to enter the edit mode every time I want to enter a list.
I think the ability to use ''' to enter code snippets was also broken a while ago, and in another patch the indentation of such code block was gone as well.
I think they are trying to force us to use the editor mode.
Teams is sometimes comically bad... For instance, 4 people in a video chat, not an uncommon use case. The simplest and most logical screen layout would be 1/4 of the screen each. No: one person gets 1/2 the screen, with a tall vertical slice. Two people get 1/4 of the screen, normal aspect ratio. And you get a tiny window in the top corner.
I remember a few months ago I got a bug-report from a customer that "their site didn't show in link-previews in MS-Teams".
The URL includes a German "Umlaut": ü
After tracing the HTTP requests received from the link-preview generation on the server (logging the network packets) I found that the "Host" header wasn't the expected/configured xn--test--ova.de (IDNA to ASCII).
To "work around it" I needed to add an extra VHost in Nginx with the server_name "test-\xFC.de" (that just redirected to a non-Umlaut domain).
I didn't bother or even know where to report it (to MS). But apparently not using proper tooling for URL handling / HTTP requests makes one wonder about the quality of the product or even possible security implications.
No surprise at the MS non-response here. Anyone forced to use Teams every day can see that it's being maintained by a skeleton crew (at best) on the dev side. Every single day I miss basic features (like global message linkability) that I came to love in Slack, and suffer 101 little bugs and annoyances that never seem to improve much.
MS clearly thinks Teams is "good enough" - enough of the feature checkboxes ticked that they can focus mostly on aggressively marketing it, making it seem crazy to use a separate third-party chat platform instead of Teams if you're using Azure.. even if it does happen to be a buggy bloated beast, with almost unusably wretched mobile apps.
If there's just one area I wish we hadn't switched to MS-brand dogfood after making the move to Azure, it's chat/calling. It's a deceptively tricky domain to get it right in, and one where you really want as little friction as possible for all users.
"We should have stuck with Slack." - every team that ever switched to MS Teams.
I think the first vulnerability could also lead to a DoS if they point the server to its own lookup route?
Also sad to see how Microsoft is treating security researchers, instead of thanking them with a small bug bounty. Especially for the one (or maybe two) DoS vulns
The IP address leak is also very common in a lot of "flashy" opensource projects trying to "solve" communications. Because apparently everyone wants his computer to visit a url to parse some data, so that one can decide whether the link is safe to click or not...
A private discourse forum (actually any forum software, sometimes spam bots post gifs for usercounting!) does this to great effect with media too - it just allows embedding everything it seems.
And then there is a university rocket-chat instance - with a big general-channel: And link-previews (enabled by default) somehow don't cache the images serverside, but let every client get them, because that's probably what works easiest with k8s, because who has a harddisk.
I have a hard time understanding why MS is investing so much into VS Code yet so little progress is made on MS Teams (which in theory should be more important to them as it has broader usage?).
Google Meet isn’t my favorite and browsers obviously aren’t immune to exploits, but things like this make me glad Meet is fully-featured and usable in the browser.
If this is turning into a Microsoft bashing thread I'll join in as well. I don't understand how text handling (highlighting, moving around etc.) works/feels different between Teams, Excel, Outlook, Word, the OS. They're all developed by the same company. Why do they integrate so messily?
Does anyone know why they have to do weekly micro patch? I mean who is the PM and does he/she really believe it's enough to do tests for weekly releases? The last patch on MacOS was released on the 16th and today I see a new patch.
It is unbelievable the difference in development velocity and quality of the final product if you compare Teams and VS code, both from Microsoft. Both apps are built on electron.
Teams is dog slow, VS code is probably the fastest electron app in existence.
Teams is full of bugs, and it seems they are unwilling to fix even security vulns (from TFA). VS code is free of bugs, even though I use it way more than Teams.
Teams is not fixing even security bugs, and VS code's update cycle is so frequent that it is annoying. I am surprised how long their version notes are.
This preview link vulnerability appears to be an easily implemented mistake. I wonder if having vertical development teams (client, api, etc) vs horizontal teams for a particular product makes this type of defect more likely. I could see how a client team would be likely to consume the preview link API without considering its internal implementation or that it could probe internal cloud infrastructure. The API mistake could have been easily made by any developer, particularly more green developers. Lack of a larger number of people involved with the entire horizontal stack could make this type of issue more likely to not be found.
My organization is considering restructuring teams from 1-3 horizontal teams (full stack) for a given product to 1-3 teams that focus only on one slice of the product. Seeing articles like this makes me contemplate if there’s more security risk with this approach.
Reading through these vulnerabilities, it feels like a handful of these are low priority or non-issues. This might be a controversial opinion, but it’s not clear to me why these issues ought to be prioritized and fixed expediently.
For example, it’s not clear to me why an IP address leak is considered problematic. And breaking chat or crashing on reload seems more akin to a bug a la iMessage link bugs like https://www.theverge.com/2018/1/18/16904774/ios-iphone-bug-c.... That type of issue should be fixed, but it’s not a vulnerability that’s meaningfully exploitable for either remote code execution, stealing client credentials, or stealing client data.
The IP leak one is really interesting to me. Considering the quip regarding the fact that centralized servers are performing the link preview operation because it's not using E2E encryption... But if it was, and the client machine was generating the preview, then wouldn't that force exposure of the client's IP to the remote server?
[+] [-] pydry|4 years ago|reply
This was, I am almost certain, inspired by Microsoft corporate sales getting their hooks into management.
This was largely because of news stories like "end to end encryption doesnt really work as advertised" and "if you leave a room password unprotected bad people will enter". The level of press coverage was off the scale compared to what Teams got for far worse issues.
The vulnerabilities weren't nothing but they weren't even in the same ballpark as the MS teams vulnerabilities foisted on us for "security reasons" like this howler they tried to cover up https://www.techradar.com/news/microsoft-may-have-downplayed...
[+] [-] JumpCrisscross|4 years ago|reply
Zoom had and continues to have a significant developer presence in China. Those individuals are subject to CCP coercion. There was also a time when they routed American calls through the mainland [1]. That has been fixed. But it remains excessive to cast all past criticism of Zoom as Microsoft's work.
[1] https://techcrunch.com/2020/04/03/zoom-calls-routed-china/
[+] [-] da_chicken|4 years ago|reply
It was not propaganda. There was no privacy protection. I work for a K-12 and there was literally no way to configure Zoom such that it wasn't a massive FERPA violation waiting to happen. There was originally no way to gatekeep entrants to a virtual Zoom classroom. It even earned its own term: Zoombombing [0]. It was completely unsuitable for use. It's like it was designed for the Internet of the 1990s.
The only way we figure that so many districts were using it was:
1. It was free when basically nothing else was.
2. There was no time to evaluate alternatives when the pandemic started.
3. They were hoping nobody was looking too closely.
4. They didn't properly evaluate Zoom or they just didn't tell anyone how Zoom didn't ensure privacy.
[0]: https://en.wikipedia.org/wiki/Zoombombing
[+] [-] dspillett|4 years ago|reply
The security issues like end-to-end encryption not actually being end-to-end encryption (unless you consider the man in the middle to be two ends, forwarding messages between the other two ends) were not propaganda - they really existed. It isn't even propaganda to say Zoom published very questionable statements (or if I allow myself to be slightly less charitable: the occasional outright lie) about those issues, because it is demonstrably true that this happened.
> that I'm almost certain was driven by Microsoft
You might need to present some evidence for that rather bold claim.
> [comparison with past MS security issues]
Teams is far from perfect, I am not a fan of it at all, and that security issue was real too IIRC, but you are using some very selective reasoning bringing it up at the same time as downplaying the serious flaws present in Zoom in the same period.
[+] [-] polote|4 years ago|reply
[+] [-] rob74|4 years ago|reply
[+] [-] blahblah12|4 years ago|reply
It's a stretch to attribute to malice what can be attributable to other environmental factors. Could it be that Zoom was/is the dominant player in the video conferencing space in 2020/2021, so media outlets were keen to cover stories around Zoom? WebEx and Google Hangouts vulnerabilities have also not received as much coverage as Zoom.
[+] [-] ygra|4 years ago|reply
[+] [-] AshamedCaptain|4 years ago|reply
MS is really aggressive with Teams marketing (specially for large bureaucratic enterprise) and I could totally see them doing what you mention.
[+] [-] albertopv|4 years ago|reply
[+] [-] christophilus|4 years ago|reply
[+] [-] addicted|4 years ago|reply
Teams was half baked at best, and lacked a vast majority of the features that made Zoom useful. For example, it was only well into the pandemic that Teams gained the ability to have virtual backgrounds. You couldn’t have meetings with more than 10 or so people until very recently. Pretty much none of the features that made Zoom popular were even possible on Teams.
The real beneficiary should have been Google Hangouts, but Google moved too slowly (actually, it would probably be more accurate to say that Google didn’t move at all…or if they did they moved backwards).
[+] [-] GekkePrutser|4 years ago|reply
Zoom put a backdoor (like, a full web server) in their Mac version and didn't even remove it when outed until Apple pushed an update that killed it for them. Which was a big unprecedented step.
Mistakes happen. Total lack of action when it happens shows at the very least a total disinterest. They definitely did lack a focus on security and privacy at that time.
I agree Microsoft is pretty aggressive and teams is a pig of an app in my opinion (slow and bloated) but zoom really dug their own grave too IMO.
For what it's worth I find Jitsi delightful and super performant. I use teams a lot with work and Jitsi with our makerspace and it's just so much better at the video conferencing role.
[+] [-] mathattack|4 years ago|reply
As a firm their ethics seem to have improved since the 90s but a few bad apples…
[+] [-] rPlayer6554|4 years ago|reply
[0] https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-s...
[+] [-] albertopv|4 years ago|reply
[+] [-] Fnoord|4 years ago|reply
[+] [-] michaelcampbell|4 years ago|reply
[+] [-] miles|4 years ago|reply
Perhaps it was driven by Zoom's poor security and privacy record?
Zoom banned from New York City schools due to privacy and security flaws https://www.fastcompany.com/90486586/zoom-banned-from-new-yo...
Google Told Its Workers That They Can’t Use Zoom On Their Laptops Anymore https://www.buzzfeednews.com/article/pranavdixit/google-bans...
Elon Musk's SpaceX bans Zoom over privacy concerns https://www.reuters.com/article/us-spacex-zoom-video-commn/e...
Apple pushes silent macOS update to remove web server secretly installed by Zoom https://9to5mac.com/2019/07/10/zoom-apple-macos-update/
Taiwan joins Canada in banning Zoom for government video conferencing https://www.cbc.ca/news/science/taiwan-zoom-video-conference...
Is Zoom the Next Huawei? ‘Puppet of Chinese,’ Say Critics https://securityboulevard.com/2020/06/is-zoom-the-next-huawe...
Zoom lied to users about end-to-end encryption for years, FTC says https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-use...
DOJ charges highlight Zoom's China problem https://www.axios.com/china-zoom-charges-influence-1906e8e5-...
Zoom needs to clean up its privacy act https://blogs.harvard.edu/doc/2020/03/27/zoom/
Zoom security issues: Here's everything that's gone wrong (so far) https://www.tomsguide.com/news/zoom-security-privacy-woes
Mass move to work from home in coronavirus crisis creates opening for hackers: cyber experts https://www.reuters.com/article/us-health-coronavirus-cyber/...
Security and Privacy Implications of Zoom https://www.schneier.com/blog/archives/2020/04/security_and_...
‘Zoom is malware’: why experts worry about the video conferencing platform https://www.theguardian.com/technology/2020/apr/02/zoom-tech...
Ex-NSA hacker drops new zero-day doom for Zoom https://finance.yahoo.com/news/ex-nsa-hacker-drops-zero-1400...
Maybe we shouldn’t use Zoom after all https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/
Attackers can use Zoom to steal users’ Windows credentials with no warning https://arstechnica.com/information-technology/2020/04/unpat...
The Zoom Privacy Backlash Is Only Getting Started https://www.wired.com/story/zoom-backlash-zero-days/
Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 https://www.vice.com/en_us/article/qjdqgv/hackers-selling-cr...
Researchers found and bought more than 500,000 Zoom passwords on the dark web for less than a cent each https://www.businessinsider.com/500000-zoom-accounts-sale-da...
Beware of ‘ZoomBombing:’ screensharing filth to video calls https://techcrunch.com/2020/03/17/zoombombing/
[+] [-] hoseja|4 years ago|reply
[+] [-] jacquesm|4 years ago|reply
[+] [-] winter_squirrel|4 years ago|reply
Would you happen to have any actual evidence to back this up with?
[+] [-] sebow|4 years ago|reply
[deleted]
[+] [-] isodev|4 years ago|reply
In every instance, the previous solution (Slack/Zoom/Discord) was replaced by Teams following higher management making the switch for reasons like "it's included in Office 365" or a new hire influencing the migration to Microsoft solutions.
In every instance, the application was/is not well received by the employees - it's slow, buggy, crazy complicated and generally doesn't feel "right".
Microsoft is good at channeling security topics for their PR, but at the end of the day they make software, just like everybody else (and this software is subject to bugs, just like everybody else).
It's really disappointing that the vulnerabilities have not yet been addressed...
[+] [-] 542458|4 years ago|reply
That said, yeah, leaving vulns and/or the irritating bugs open for as long as they have is silly.
[+] [-] watwut|4 years ago|reply
[+] [-] isbvhodnvemrwvn|4 years ago|reply
[+] [-] wjnc|4 years ago|reply
Microsoft should (but won't) reconsider the idea that one chatbox to rule many underlying types of software is a good idea.
[+] [-] IiydAbITMvJkqKf|4 years ago|reply
[+] [-] dgellow|4 years ago|reply
I feel that I read something like this almost every single time Microsoft is mentioned in a vulnerability disclosure. What makes the company so bad at dealing with security reports? I don't expect it to be a lack of talents or resources, or is it?
[+] [-] markus_zhang|4 years ago|reply
The micro updates also tend to break something. For example a November patch broke list in chat, a further one broke list in general. I have to enter the edit mode every time I want to enter a list.
I think the ability to use ''' to enter code snippets was also broken a while ago, and in another patch the indentation of such code block was gone as well.
I think they are trying to force us to use the editor mode.
[+] [-] waschl|4 years ago|reply
[+] [-] cloudengineer94|4 years ago|reply
[+] [-] stevesimmons|4 years ago|reply
[+] [-] kro|4 years ago|reply
After tracing the HTTP requests received from the link-preview generation on the server (logging the network packets) I found that the "Host" header wasn't the expected/configured xn--test--ova.de (IDNA to ASCII).
To "work around it" I needed to add an extra VHost in Nginx with the server_name "test-\xFC.de" (that just redirected to a non-Umlaut domain).
I didn't bother or even know where to report it (to MS). But apparently not using proper tooling for URL handling / HTTP requests makes one wonder about the quality of the product or even possible security implications.
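The Host header mismatch described in the comment above, as an added example that is not part of the original post: a server-side normaliser that maps a raw (non-conforming) Host header to its IDNA A-label before virtual-host matching and records which wire form the client sent. The function names, the `CONFIGURED_VHOSTS` set and the Latin-1 fallback are assumptions for illustration; the sample headers are constructed.

```python
import re
from typing import Optional, Tuple

# Assumption: the single configured virtual host, as named in the comment above.
CONFIGURED_VHOSTS = frozenset({"xn--test--ova.de"})

# After IDNA conversion only letters, digits and hyphens may remain,
# 1-63 characters per label, no leading or trailing hyphen.
_LDH_NAME = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$"
)


class HostHeaderError(ValueError):
    """The Host header cannot be mapped to a valid hostname."""


def split_port(raw: bytes) -> Tuple[bytes, Optional[int]]:
    """Split an optional ':port' suffix off a raw Host header value."""
    value = raw.strip()
    host, sep, port = value.rpartition(b":")
    if sep and port.isdigit():
        return host, int(port)
    return value, None


def to_a_label(raw_host: bytes) -> Tuple[str, str]:
    """Return (a_label, wire_form) for the host part of a Host header.

    wire_form is 'ascii', 'raw-utf8' or 'raw-latin1' and is worth logging:
    a conforming HTTP client only ever sends the ASCII form.
    """
    host, _port = split_port(raw_host)
    if not host:
        raise HostHeaderError("empty Host header")
    if host.isascii():
        text, wire_form = host.decode("ascii"), "ascii"
    else:
        try:
            text, wire_form = host.decode("utf-8"), "raw-utf8"
        except UnicodeDecodeError:
            # Assumption: bytes that are not valid UTF-8 are read as Latin-1,
            # which is the case reported above (a bare 0xFC byte for "ü").
            text, wire_form = host.decode("latin-1"), "raw-latin1"
    try:
        a_label = text.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise HostHeaderError(f"not a valid IDNA name: {exc}") from exc
    if not _LDH_NAME.match(a_label):
        raise HostHeaderError("characters outside letters, digits, hyphen")
    return a_label, wire_form


def match_vhost(raw_host: bytes) -> Optional[str]:
    """Return the configured vhost this header belongs to, or None."""
    try:
        a_label, _wire_form = to_a_label(raw_host)
    except HostHeaderError:
        return None
    return a_label if a_label in CONFIGURED_VHOSTS else None


if __name__ == "__main__":
    # Constructed sample Host header values, not captured traffic.
    samples = [
        b"xn--test--ova.de",           # what a conforming client sends
        b"test-\xfc.de",               # raw Latin-1 byte, as in the report
        "test-\u00fc.de".encode(),     # raw UTF-8 U-label
        b"test-\xfc.de:443",           # with a port
        b"bad_host.example",           # rejected: underscore
        b"other.example",              # valid name, not configured
    ]
    for raw in samples:
        print(raw, "->", match_vhost(raw))
```

Logging `wire_form` alongside the user agent gives a simple signal for clients that build requests without a proper URL library.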
[+] [-] nullymcnull|4 years ago|reply
MS clearly thinks Teams is "good enough" - enough of the feature checkboxes ticked that they can focus mostly on aggressively marketing it, making it seem crazy to use a separate third-party chat platform instead of Teams if you're using Azure.. even if it does happen to be a buggy bloated beast, with almost unusably wretched mobile apps.
If there's just one area I wish we hadn't switched to MS-brand dogfood after making the move to Azure, it's chat/calling. It's a deceptively tricky domain to get it right in, and one where you really want as little friction as possible for all users.
"We should have stuck with Slack." - every team that ever switched to MS Teams.
[+] [-] derN3rd|4 years ago|reply
Also sad to see how Microsoft is treating security researchers, instead of thanking them with a small bug bounty. Especially for the one (or maybe two) DoS vulns
[+] [-] fock|4 years ago|reply
A private discourse forum (actually any forum software, sometimes spam bots post gifs for usercounting!) does this to great effect with media too - it just allows embedding everything it seems. And then there is a university rocket-chat instance - with a big general-channel: And link-previews (enabled by default) somehow don't cache the images serverside, but let every client get them, because that's probably what works easiest with k8s, because who has a harddisk.
[+] [-] m_mueller|4 years ago|reply
[+] [-] jonpalmisc|4 years ago|reply
[+] [-] raspyberr|4 years ago|reply
[+] [-] technion|4 years ago|reply
Microsoft wrote a not officially supported Powershell script to hack this in, noting this might be needed "perhaps for a critical security release".
https://github.com/microsoft/TeamsMsiOverride
[+] [-] hnthrowaway0315|4 years ago|reply
BTW the picture issue is still there.
[+] [-] hocker_news|4 years ago|reply
What do you mean by that exactly?
[+] [-] perryizgr8|4 years ago|reply
Teams is dog slow, VS code is probably the fastest electron app in existence.
Teams is full of bugs, and it seems they are unwilling to fix even security vulns (from TFA). VS code is free of bugs, even though I use it way more than Teams.
Teams is not fixing even security bugs, and VS code's update cycle is so frequent that it is annoying. I am surprised how long their version notes are.
Really strange.
[+] [-] tuan|4 years ago|reply
[+] [-] cebert|4 years ago|reply
My organization is considering restructuring teams from 1-3 horizontal teams (full stack) for a given product to 1-3 teams that focus only on one slice of the product. Seeing articles like this makes me contemplate if there’s more security risk with this approach.
[+] [-] blahblah12|4 years ago|reply
For example, it’s not clear to me why an IP address leak is considered problematic. And breaking chat or crashing on reload seems more akin to a bug a la iMessage link bugs like https://www.theverge.com/2018/1/18/16904774/ios-iphone-bug-c.... That type of issue should be fixed, but it’s not a vulnerability that’s meaningfully exploitable for either remote code execution, stealing client credentials, or stealing client data.
[+] [-] jdmichal|4 years ago|reply
[+] [-] watwut|4 years ago|reply