A cybersecurity researcher uncovered two authentication flaws in Johnson & Johnson web applications that exposed sensitive recruiter tools, employee records, and an internal audit management system.