Personal Capital -- No 'unresolved' findings
Great news! Personal Capital has resolved all the findings to date from their program. This means that, with the exception of a few known issues and exclusions, which are stated on the brief, there is a very low likelihood you will submit a duplicate finding. Please review below, as well as the brief, to fully understand the known issues and exclusions.
Known Issues & Exclusions:
- Session invalidation on Password Reset & Change
- User enumeration from login page
- Any denial of service type attacks (either network, resource exhaustion or anything else)
- User and email enumeration
- Disclosure of known public files and other information disclosures that are not a material risk (e.g., robots.txt)
- Any attack or vulnerability that hinges on a user’s computer being first compromised
Thank you and happy hunting!