diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-06-17 15:19:00 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-06-17 15:19:00 +0300 |
| commit | aa93d813b5323bf74282f0195259855b61230a38 (patch) | |
| tree | fdb7ecb173f36d01ab3390e5553e947dbff3366a /page-threat-model.php | |
| parent | 27108847c9536d7d61ef7209a10e9abdceae7316 (diff) | |
Add information about user enumeration
Diffstat (limited to 'page-threat-model.php')
| -rw-r--r-- | page-threat-model.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/page-threat-model.php b/page-threat-model.php index 013bc08f..efdeb8a3 100644 --- a/page-threat-model.php +++ b/page-threat-model.php @@ -30,3 +30,6 @@ in those disabled features as not bounty-worthy.</p> <h3>Content spoofing</h3> <p>Generally speaking we consider content spoofing not a bounty-worthy vulnerability.</p> + +<h3>User enumeration</h3> +<p>We don't consider user enumeration a security risk as for convenience and for features such as Server-to-Server sharing this is an expected behaviour.</p> |