Fastly declined to comment on the newly discovered vulnerabilities in their website.

Poor practices regarding password changes

1. Reset user password
2. Access link sent
3. Temporary password sent in plaintext

// HTTP POST request
POST /user/mwebsec%40gmail.com/password/request_reset HTTP/2
Host: api.fastly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
[...]

[...]
{"g-recaptcha-response":"03AFY_a8UY[...]"}
[...]

// HTTP response
HTTP/2 200 OK
Cache-Control: no-store
[...]

// HTTP GET request
GET /auth/user/3lWtx49FrV2.../password/reset/f496875e6e1d88d80aa5.../1677948661/2f2ea8d230adaf03bd749081d... HTTP/2
Host: manage.fastly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
[...]

// HTTP response
HTTP/2 200 OK
Cache-Control: public, max-age=60, stale-if-error=1209600, stale-while-revalidate=600
[...]

Weak password requirements

1. Log in to the user account
2. Click Account -> Personal Profile
3. Select Change Password -> Current Password -> FastLy%2540!1M
4. Select New Password -> P.P.P.P.P.P.P -> Confirm Password -> P.P.P.P.P.P.P
5. Select the Sign Out option
6. Log in with the new password

// HTTP POST request
POST /oauth/password HTTP/2
Host: api.fastly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
[...]

[...]
client_id=fastly-ui&grant_type=password&new_password=P.P.P.P.P.P.P&old_password=FastLy%2540!1M&username=mwebsec%40gmail.com
[...]

// HTTP response
HTTP/2 401 Unauthorized
Status: 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
[...]

[...]
{"msg":"Token 3kzBPKXbsbtZBl9..."}
[...]

// HTTP POST request
POST /oauth/access_token HTTP/2
Host: api.fastly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
[...]

[...]
client_id=fastly-ui&grant_type=password&password=P.P.P.P.P.P.P&username=mwebsec%40gmail.com
[...]

// HTTP response
HTTP/2 200 OK
Status: 200 OK
[...]

[...]
{"id":"7IU53vPHZ...", "name":"manage.fastly.com browser session", "user_id":"3lWtx49FrV...", "customer_id":"535znFHg...", [...] "token_type":"bearer", "scope":"global", "services":[], "access_token":"qwdBQF43O..."}
[...]
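As an added example (not from the original report or from Fastly), a server-side password policy check that would reject the P.P.P.P.P.P.P password accepted above: it catches low distinct-character counts and short repeated units, not just length. The thresholds are illustrative assumptions, not Fastly's actual requirements.

```python
import math
import re
from typing import List, Optional

# Illustrative policy thresholds (assumed for this example, not Fastly's).
MIN_LENGTH = 12
MIN_DISTINCT_CHARS = 6
MIN_CHAR_CLASSES = 3
MIN_ESTIMATED_BITS = 40


def repeated_unit(password: str) -> Optional[str]:
    """Return the shortest prefix whose repetition reproduces the password
    (unit must appear at least twice; a trailing partial copy is allowed),
    e.g. 'P.' for 'P.P.P.P.P.P.P'. Returns None if no such unit exists."""
    for size in range(1, len(password) // 2 + 1):
        unit = password[:size]
        if all(ch == unit[i % size] for i, ch in enumerate(password)):
            return unit
    return None


def char_classes(password: str) -> int:
    """Count which of lower, upper, digit and symbol classes are present."""
    patterns = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(1 for p in patterns if re.search(p, password))


def estimated_bits(password: str) -> float:
    """Crude strength estimate: alphabet = distinct symbols actually used;
    a repeated unit collapses the effective length to the unit's length."""
    unit = repeated_unit(password)
    effective_len = len(unit) if unit else len(password)
    alphabet = len(set(password))
    return effective_len * math.log2(alphabet) if alphabet > 1 else 0.0


def password_policy_violations(password: str) -> List[str]:
    """Return a list of human-readable violations; empty means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(set(password)) < MIN_DISTINCT_CHARS:
        problems.append(f"fewer than {MIN_DISTINCT_CHARS} distinct characters")
    if char_classes(password) < MIN_CHAR_CLASSES:
        problems.append(f"fewer than {MIN_CHAR_CLASSES} character classes")
    unit = repeated_unit(password)
    if unit is not None:
        problems.append(f"repetition of the unit {unit!r}")
    if estimated_bits(password) < MIN_ESTIMATED_BITS:
        problems.append("estimated strength below policy minimum")
    return problems
```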