Credential Disclosure in LastPass
LastPass was susceptible to a clickjacking attack. By intercepting traffic, an attacker would have been able to harvest login credentials of LastPass users. LastPass ...
Read MoreSearch
Privilege Escalation in IBM Spectrum Virtualize
During a very short security test, Certitude identified two vulnerabilities in the firmware of IBM Spectrum Virtualize, a storage solution by IBM. One of these ...
Read MoreHTTP Header Injection in Citrix ADC and Citrix Gateway (CVE-2020-8300, CVE-2021-22927)
We have discovered a vulnerability in Citrix products (Citrix ADC and Citrix Gateway) that allows an attacker to conduct header injection attacks. This would have ...
Read MoreThe Invisible JavaScript Backdoor
A few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible ...
Read More