Black & White Path

Feb 24, 2026 · Information Security

How a Training Platform’s Weak Credentials Exposed Medium‑Risk Vulnerabilities

The author walks through a penetration test of a corporate training platform, capturing plaintext login traffic, extracting captchas, enumerating user accounts, discovering shared passwords, and fuzzing a course‑id parameter that reveals absolute file paths, ultimately identifying only medium‑severity issues.