I noticed a while back that when I carelessly entered my login credentials to the form for registering a new user account on the front page of the DigitalOcean site, it would still log me in. Neato.
However, I was slightly less amused when I noticed that the login event didn’t show an IP address in my security history.
I reported this at the time the screenshot was taken several months ago. It appears they have recently fixed the issue.
Just a reminder that not all vulnerabilities are obvious, and you can’t find them all with BURP.