Ben Popken

@bpopken ↗

Deleted No

Hibernated No

Last Checked Dec. 1, 2022

Created

Fri Sep 16 13:45:27 +0000 2022

Likes

Retweets

Source

Twitter Web App

View Raw Data

JSON Data

View on Twitter

Likely Available

Ben Popken @bpopken

They said they told SeeSaw, who made authorization links longer. This attack wouldn't explain individual accounts accessed, and SeeSaw said it was credential stuffing, but could point to underlying backend weaknesses. — PolitiTweet.org

Posted Sept. 16, 2022

Preceded By

Ben Popken @bpopken

In 2020 SeeSaw user @IrishJP who id's as parent and a penetration tester posted on Mediium of how SeeSaw's API could be manipulated to send graphic images. https://t.co/5vhNQE6K7P — PolitiTweet.org

Posted Sept. 16, 2022

Followed By

Ben Popken @bpopken

The attacker would have had to been blasting the login page to get in, and never get locked out, which is a major security oversight. — PolitiTweet.org

Posted Sept. 16, 2022