THREAT OPS › Threat News › Whistlelink: Site-access password exposed in web server access logs via GET query string
Whistlelink: Site-access password exposed in web server access logs via GET query string
<p>Posted by Red Nanaki via Fulldisclosure on Jul 02</p>Whistlelink: Site-access password exposed in web server access logs via GET<br /> query string<br /> <br /> Severity: CRITICAL<br /> <br /> SUMMARY<br /> <br /> The Whistlelink reporting portal protects optionally-enabled, password-gated<br /> whistleblowing sites with a site-access password. When a visitor unlocks such a<br /> site, the clie
Original source: https://seclists.org/fulldisclosure/2026/Jul/14