mogwailabs_gmbh

@mogwailabs_gmbh@infosec.exchange

a cyber security boutique with a strong emphasis on offensive security

This profile is from a federated server and may be incomplete. Browse more on the original instance.

mogwailabs_gmbh, to security

Last May, the populare API tool Postman pivoted to be a cloud-only product for many of its features. This might have a serious security impact as developers often store high privileged access tokens there, in some cases they might even be exposed through the Postman API search features.

We did a quick check for some of our customers and already discovered some valid tokens.

Check out @Lee_Holmes blog post on this. Also kudos to @wdormann for pointing this out first (at leat to our knowledge).

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • thenastyranch
  • rosin
  • GTA5RPClips
  • osvaldo12
  • love
  • Youngstown
  • slotface
  • khanakhh
  • everett
  • kavyap
  • mdbf
  • DreamBathrooms
  • ngwrru68w68
  • provamag3
  • magazineikmin
  • InstantRegret
  • normalnudes
  • tacticalgear
  • cubers
  • ethstaker
  • modclub
  • cisconetworking
  • Durango
  • anitta
  • Leos
  • tester
  • JUstTest
  • All magazines
    •