LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Disclosure of any bpost.be username via email

15 hours ago 7
BOOK THIS SPACE FOR AD
ARTICLE AD

MkNayek

Summary :
A bug in the [Forget password ] results in the disclosure of usernames via email, potentially violating user privacy and security policies

Steps to Reproduce:

Go to the Forgot Password page and enter your victim’s email address.Intercept the request and look at the decode option.You will see your victim’s full user name, first name and last name.plese see poc vdeo

https://youtu.be/6NvBY7UxMgE

Expected Behavior :
Usernames should not be included in email communications, especially in headers or other areas visible to unauthorized recipients. Instead:

Use anonymized references (e.g., “Dear User”).
Avoid including sensitive data in email headers.

Security Impact :
Exposure of usernames could lead to targeted attacks (e.g., phishing, social engineering).
Violates user privacy expectations and may breach compliance standards (e.g., GDPR, CCPA).

Suggested Fix :
Remove usernames from emails where not essential.
Use generic placeholders or hashed values if identification is necessary.\

Read Entire Article
  3. Disclosure of any bpost.be username via email

Related

Finding subdomains using goole dorking.

Finding subdomains using goole dorking.

Hack. Earn. Secure the Future: Bug Bounties in 2025

Hack. Earn. Secure the Future: Bug Bounties in 2025

NTLM Authentication Disclosure Vulnerability Report

NTLM Authentication Disclosure Vulnerability Report

Discovering Hidden Subdomains: Tools, Techniques

Discovering Hidden Subdomains: Tools, Techniques

Telegram Leaks PII, doesn’t care.

Telegram Leaks PII, doesn’t care.

No Session Expiry after log-out, attacker can reuse the old cookies

No Session Expiry after log-out, attacker can reuse the old cookies

Trending

1. IPO allotment status
2. Los Angeles
3. Liverpool
4. FC Barcelona
5. Tirupati
6. Barcelona
7. Pritish Nandy
8. SA20
9. Sam Altman
10. Greenland

Popular

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

The best Mini LED TV I've tested isn't made by LG or TCL, and it's on sale for Black Friday

The best Mini LED TV I've tested isn't made by LG or TCL, and it's on sale for Black Friday

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2025. All rights are reserved