01 May 2016

The generic error page of the Red Hat customer portal suffers from a Cross-Site Scripting vulnerability that can be used to steal users' credentials in plaintext.

As part of my personal projects, as in my professional activity, it is not uncommon for me to sign in to Red Hat sites to download resources (or find solutions to more or less twisted bugs.

04 Mar 2016

The SSO authentication page of one of Fortigate's IdPs presents a Cross-Site Scripting vulnerability which can be used to steal user credentials in plaintext.

Companies and current majors increasingly turn to identity federation. A single central repository containing users' credentials (login / password) such as LDAP, AD, etc., a single web application for centralized authentication (commonly referred to as IdP for.
