Pregnancy Tracking #App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover
What to Expect is a popular pregnancy tracking app available for #ios and #android.
An exposed API endpoint handling password reset requests for the app does not require authentication or enforce rate limits and is vulnerable to brute force attacks.
#privacy #security #cybersecurity
404media.co/pregnancy-tracking…
Vulnerabilities in the popular What to Expect app include one that allows a full account takeover, and another that exposes the email address of forum admins.
Joseph Cox (404 Media)