Disclosure of a vulnerability that allows the theft of visitors' email addresses using Medium's custom domain feature
Author: mala
Introduction
This article describes a vulnerability in the web service Medium that allows you to steal visitors' e-mail addresses by using Medium's custom domain plan.
This is done as my personal activity and is not related to my organization.
I'm not a zero-day guy and this is simply the result of a failure of coordinated disclosure.