Australia Post Group – Sensitive Information Leakage

I recently discovered a severe vulnerability present in a key system owned by StarTrack. What was particularly unusual about this vulnerability was that it didn’t require any sort of special payload to exploit – account data was being leaked within the normal processes of the system. Specifically, merely requesting a password reset