Nice chain and write-up. I don't know that I would call eval() on user input, hard coded secrets, and leaked credentials small or harmless. All of those are scary on their own.

▲

arcfour 3 days ago | parent [-]

Yeah...and the fact that they evidently had no responsible disclosure process and ghosted the reporter...for a security product?!

Big yikes.

	▲	pixl97 2 days ago \| parent [-]
		>.for a security product I find a lot of 'security products' put their own security at the bottom of concerns. They may actually start with that focus, but get bought up by VC that turns everything in to a profit center.