writeups.xyz / Nom for Security: A Proactive Security Review of Nomulus

Submitter : c2a

Date: 20 February 2024

Bounty : undisclosed

Vulnerabilities :

• Insecure Deserialization
• Verbose Logging
• Information Disclosure
• Cryptographic Issues
• Authentication Bypass

Programs :

• Google (Nomulus)

Authors :

• Sam Erb (@Erbbysam)
• Justin Taft

Link :
https://bughunters.google.com/blog/5294234841776128/nom-for-security-a-proactive-security-review-of-nomulus