Security Update

September 11th, 2014 | by admin

It was brought to our attention that Flowchart.com had a couple of security “issues”, which have been fixed.

1) There was a possibility of someone using brute force to attack user accounts as we did not time out login attempts.

2) There was a possibility of an XFS (Cross Frame Scripting) attack, whereby our embedded flowchart feature could be misused.

Not huge issues per se, but issues nonetheless. Folks from the “ethical” hacking site techdefencelabs.com (especially Smit Shah) sent over an email mentioning the issues, along with the option to get a bounty for the bug report or the option to publicly mention them. Since we don’t provide a bounty, the next best thing was this blog post to thank them. We appreciate their report. Thank you, Smit.
