This is CWE-204, there are loads of big companies that don’t care about this. Netflix is one of them where you can enumerate registered users email addresses from the login screen.
If you want to report this to them you can check if they have a security.txt file at https://domainhere/.well-known/security.txt where they should list the contacts to their security team.
This is CWE-204, there are loads of big companies that don’t care about this. Netflix is one of them where you can enumerate registered users email addresses from the login screen.
If you want to report this to them you can check if they have a security.txt file at https://domainhere/.well-known/security.txt where they should list the contacts to their security team.