PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...

By Louis Nyffenegger March 10, 2026 · 10 min read

Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING

Code Review PENTESTING

Keeping Notes during a Pentest or Code Review

Keeping notes is one of the key aspects of penetration testing. In this article I’m going to share some information on ...

Louis Nyffenegger Mar 3, 2017 · 4 min read