User Information sent to client through websockets

Disclosed: 2016-09-12 18:47:42 By cablej To legalrobot
Unknown
Vulnerability Details
Hey, I noticed when monitoring the websocket requests that the account information of many users, including email address, is sent to the client. For example:

```
██████ ██████████ █████████ ████████ ███████
```

There are hundreds of these requests, each containing user information. Please let me know if this is meant to be happening, but I didn't see a list of users on the site.
Report Stats
  • Report ID: 163464
  • State: Closed
  • Substate: resolved
  • Upvotes: 8