Hello Honest Hackers of Intigriti,
The last months at Suivo were spent rebuilding our login system from the ground up.
Logins based on a unique userName and weak password are a thing of the past (or at least a thing for existing customers and backwards compatibility).
We've constructed entirely new flows based on a verified email address.
The options are:
- Plain email-based (with account activation and password reset mail flows)
- OpenID for Microsoft accounts (with account activation mail flow)
- OpenID for Google accounts (with account activation mail flow)
It would be a shame if we made some mistakes in these new flows, wouldn't it? Could you help us squash the bugs and patch the holes?
Since authentication is a very important part of our application, please provide clear reproduction instructions and a risk assessment for any issue you might find.
Thank you for making Suivo a safe space!
Note: All existing accounts are removed; instructions to obtain a new login can be found in our FAQ.
Dear researchers,
We've added new credentials to our program for you to test with; old credentials will not work anymore. You can request new ones via the "claim credentials" button.
We've also adjusted and further clarified the roles and expectations within a role.
You will now have access to users on two different accounts so they can be tested against each other.
Please find more details in the program description itself.
Happy hunting!