• kitnaht@lemmy.world
    8 months ago

    Exploit. The system worked as intended, just without a rate limit. A hack would be relying on a vulnerability in the software to make it not function as programmed.

    It’s the difference between finding an angle in a game world that causes your character to climb steeper than it should, vs rewriting memory locations to no-clip through everything. One causes the system to act in a way that it otherwise wouldn’t (SQL injections, etc) – the other is using the system exactly as it was programmed.

    Downloading videos from YouTube isn’t “Hacking” YouTube. Even though it’s using the API in a way it wasn’t intended. Right-clicking a webpage and viewing the source code isn’t hacking - even if the website you’re looking at doesn’t want you looking at the source.

      • ___@lemm.ee
        8 months ago

        A system fault is not the same as a vulnerability. These would have different baseline CVSS 3.1 scores, with the temporal and environmental reducing over time. A medium/low at best for a public endpoint exposing PII.

    • just_another_person@lemmy.world
      8 months ago

      Sure. Except you’re wrong and have absolutely no idea of what people in this community say about things. Let me be a dick and literally google this for you and find an embarrassing answer because you couldn’t do it yourself.