Ep 2: How I hacked SpaceBasic, an app with 200K+ users.


Hello Again,

My name is Vedant, from Squad 58. This time, I am reporting on an app named SpaceBasic, which digitalizes student experiences by automating everyday communication and tasks within universities and student housing communities in one workspace. Over 50 schools and universities are currently automating everyday tasks with SpaceBasic.

I discovered several severe vulnerabilities, one of which allows a hacker to gain unauthorized access to any user’s account. Additionally, there are many other significant vulnerabilities. It is important to note that this penetration testing was conducted on the iOS version of SpaceBasic.

I have already informed the security team at SpaceBasic, and within a week, I was notified that the vulnerabilities had been patched. They rewarded me with a certificate for my contributions and a small bounty of $50 (which is not quite justifiable given the severity of the bugs, but it is what it is :face_with_peeking_eye:).

I am attaching a detailed report that I also emailed to the company.

Remember, people: always hack ethically (at least during the daytime :nerd_face:)

Thank you.
Broken Authentication and Session Management (Identification and Authentication Failures).pdf (565.5 KB)

14 Likes