Empower Personal Wealth

Hey Everyone,

Great news! Personal Capital has resolved all the findings to-date from their program. This means that --- with the exception of a few known issues and exclusions, which are stated on the brief --- there is a very low likelihood you will submit a duplicate finding. Please review below, as well as the brief, to fully understand the known issues and exclusions.

Known Issues & Exclusions:

• Session invalidation on Password Reset & Change
• User enumeration from login page
• Any denial of service type attacks (either network, resource exhaustion or anything else)
• User and email enumeration
• Disclosure of known public files and other information disclosures that are not a material risk (e.g.: robots.txt)
• Any attack or vulnerability that hinges on a user’s computer being first compromised

Thank you and happy hunting!
Steve @Bugcrowd