Closed secureness closed 4 weeks ago
@secureness Thanks for the report, I'm putting it in the queue for now. Let's prioritize on getting the active one you are working on merged first. Then you can pick up this one.
Hi @secureness ,
Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.
Please keep in mind that the Tsunami Scanner Team will only be able to work at one issue at a time for each participant so please hold on the implementation work for any other requests you might have.
Thanks!
@secureness If weak credential testing requires custom fingerprinting against the web service, please add the fingerprinting logic similar to https://github.com/google/tsunami-security-scanner-plugins/blob/e7cbb377445c80ed12e33077e3c4aacf4abcbe26/google/fingerprinters/web/src/main/java/com/google/tsunami/plugins/fingerprinters/web/WebServiceFingerprinter.java#L283. This would ensure that the service is correctly identified & labelled in the vulnerability reporting.
Hi @secureness,
You should receive the reward message soon.
~tooryx
zenml is a well-known open-source project for production-ready MLOps pipelines.
it contains a dashboard which contains default credentials ( default/emptyPass ).