Notifications about the security of stashcat
Current / previous stashcat Security Notifications
If you notice security-related issues in stashcat, feel free to email us at security@stashcat.com. We will check your report as soon as possible.
From27.05.2020 Classified as non-critical Discovery description When using the Web Client, users remain logged in and the data in the Local Storage even after closing the browser tab or closing the browser. If a user does not log out, an uninvolved third...
From18.05.2020 Classified as non-critical Discovery description A potentially compromised user of a closed organization can retrieve the client key and the device ID via the browser’s development tools. This could be used to maliciously retrieve the respective URL with modified parameters and...
From17.05.2020 Classified as non-critical Discovery description A potentially compromised administrator who has access to either the stashcat web server logs or SSL gateway logs as part of his administration function can use them to retrieve the session ID and thus maliciously gain...