Personal Capital -- All previous issues resolved
With the exception of the two known issues, which are described in the brief and outlined below, Personal Capital has resolved all findings to date on this program. This means there is a very low likelihood of submitting a duplicate finding, and it could be a good opportunity to find new issues.
They've also recently increased rewards on the program :-)
The following are either known issues we don't want to fix or already known and pending.
- Session invalidation on Password Reset & Change - We're aware of this; our auth system is a bit more complex, so such things have lower impact. We may change this behavior later, but this is a known thing.
- User enumeration from login page - That's a design decision.