TOPAUTH.md

Top Authentication reports from HackerOne:

  1. Potential pre-auth RCE on Twitter VPN to Twitter - 1163 upvotes, $20160
  2. Improper Authentication - any user can login as other user with otp/logout & otp/login to Snapchat - 901 upvotes, $25000
  3. Subdomain Takeover to Authentication bypass to Roblox - 728 upvotes, $2500
  4. [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File to Mail.ru - 340 upvotes, $4000
  5. Shopify admin authentication bypass using partners.shopify.com to Shopify - 288 upvotes, $20000
  6. Bypass Password Authentication for updating email and phone number - Security Vulnerability to Twitter - 261 upvotes, $700
  7. Spring Actuator endpoints publicly available and broken authentication to LINE - 223 upvotes, $12500
  8. Misuse of an authentication cookie combined with a path traversal on app.starbucks.com permitted access to restricted data to Starbucks - 223 upvotes, $4000
  9. Through blocking the redirect in /* the attacker able to bypass Authentication To see Sensitive Data sush as Game Keys , Emails ,.. to Razer - 196 upvotes, $1000
  10. Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com to Uber - 165 upvotes, $5000
  11. Web Authentication Endpoint Credentials Brute-Force Vulnerability to HackerOne - 151 upvotes, $1500
  12. 2-factor authentication can be disabled when logged in without confirming account password to Localize - 144 upvotes, $500
  13. Authentication bypass on gist.github.com through SSH Certificates to GitHub - 143 upvotes, $10000
  14. [c-api.city-mobil.ru] Client authentication bypass leads to information disclosure to Mail.ru - 143 upvotes, $8000
  15. Incorrect param parsing in Digits web authentication to Twitter - 122 upvotes, $2520
  16. RCE/LFI on test Jenkins instance due to improper authentication flow to Snapchat - 104 upvotes, $5000
  17. Thailand - a small number of SMB CCTV footage backup servers were accessible without authentication. to Starbucks - 92 upvotes, $0
  18. User account compromised authentication bypass via oauth token impersonation to Picsart - 91 upvotes, $0
  19. SAML Authentication Bypass on uchat.uberinternal.com to Uber - 82 upvotes, $8500
  20. Account Takeover via SMS Authentication Flow to Zenly - 82 upvotes, $1750
  21. Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify to Helium - 76 upvotes, $100
  22. Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning to Semmle - 75 upvotes, $2000
  23. Admin Authentication Bypass Lead to Admin Account Takeover to UPS VDP - 75 upvotes, $0
  24. Pre-auth Remote Code Execution on multiple Uber SSL VPN servers to Uber - 72 upvotes, $2000
  25. OneLogin authentication bypass on WordPress sites via XMLRPC to Uber - 71 upvotes, $7000
  26. RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 69 upvotes, $0
  27. Broken Authentication - Security token gets captured via man in the middle attack to Automattic - 61 upvotes, $200
  28. Improper Authentication in Vimeo's API 'versions' endpoint. to Vimeo - 57 upvotes, $2000
  29. Ability to access all user authentication tokens, leads to RCE to GitLab - 56 upvotes, $0
  30. Ability to log in as any user without authentication if █████████ is empty to Ubiquiti Inc. - 52 upvotes, $6000
  31. Bypass Password Authentication to Update the Password to Twitter - 51 upvotes, $700
  32. OneLogin authentication bypass on WordPress sites to Uber - 49 upvotes, $10000
  33. Two-factor authentication enforcement bypass to Nextcloud - 46 upvotes, $750
  34. [Android] Directory traversal leading to disclosure of auth tokens to Slack - 45 upvotes, $3500
  35. Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com to Ubiquiti Inc. - 45 upvotes, $500
  36. Authentication bypass for ███ leads to take over any users account. to Krisp - 43 upvotes, $5000
  37. Basic auth header on WebDAV requests is not bruteforce protected to Nextcloud - 43 upvotes, $750
  38. Login CSRF : Login Authentication Flaw on https://liberapay.com/ to Liberapay - 43 upvotes, $0
  39. Authentication Bypass on Icinga monitoring server to Shopify - 40 upvotes, $3000
  40. Missing authentication in buddy group API of LINE TIMELINE to LINE - 40 upvotes, $3000
  41. bypass two-factor authentication in Android apps and web to TikTok - 38 upvotes, $1000
  42. Broken Authentication and Session Management Flaw After Change Password and Logout to Omise - 38 upvotes, $100
  43. PHPMYADMIN Setup is accessible without authentication on https://lml.lahitapiola.fi/ to LocalTapiola - 37 upvotes, $600
  44. Two-factor authentication bypass on Grab Android App to Grab - 37 upvotes, $500
  45. Authentication token and CSRF token bypass to Enjin - 37 upvotes, $300
  46. Bypass Password Authentication to Update the Password to Twitter - 30 upvotes, $0
  47. Authentication CSRF resulting in unauthorized account access on Krisp app to Krisp - 29 upvotes, $1000
  48. Bypass two-factor authentication to Slack - 29 upvotes, $500
  49. Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com to Automattic - 28 upvotes, $175
  50. [jitsi-meet] Authentication Bypass when using JWT w/ public keys to 8x8 - 28 upvotes, $0
  51. CSRF in all API endpoints when authenticated using HTTP Authentication to Shopify - 26 upvotes, $1000
  52. Username restriction bypass with SSL client authentication to Open-Xchange - 26 upvotes, $1000
  53. Authentication Bypass by abusing Insecure crypto tokens in /lib/OA/Dal/PasswordRecovery.php: to Revive Adserver - 26 upvotes, $0
  54. [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth to Uber - 25 upvotes, $500
  55. Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 25 upvotes, $0
  56. Broken Authentication and session management OWASP A2 to HackerOne - 24 upvotes, $100
  57. Two-factor authentication can be disabled when logged in without 2fa or password confirmation to Zivver - 24 upvotes, $0
  58. Broken Authentication Session Token Bug to Courier - 24 upvotes, $0
  59. Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me) to LINE - 23 upvotes, $1000
  60. Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication to Rockstar Games - 23 upvotes, $250
  61. Bypass two-factor authentication to Cloudflare Public Bug Bounty - 23 upvotes, $250
  62. Authentication Issue to Coinbase - 23 upvotes, $200
  63. [www.boozt.com] - Authentication bypass to Boozt Fashion AB - 23 upvotes, $200
  64. Shop App - Attacker is able to intercept authorization code during authentication (OAuth) and is able to get access to Microsoft Outlook email account to Shopify - 21 upvotes, $900
  65. Administration page visible without authentication to Visma Public - 21 upvotes, $100
  66. Broken Authentication and session management OWASP A2 to Liberapay - 21 upvotes, $0
  67. Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth to WordPress - 20 upvotes, $750
  68. Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 19 upvotes, $0
  69. Broken Authentication and Session Management to Phabricator - 17 upvotes, $300
  70. Bypassing password authentication of users that have 2FA enabled to GitLab - 17 upvotes, $0
  71. Pre-Auth Blind NoSQL Injection leading to Remote Code Execution to Rocket.Chat - 17 upvotes, $0
  72. IDOR - Access to private video thumbnails even if video requires password authentication to Pornhub - 16 upvotes, $1000
  73. Dovecot authentication is vulnerable to timing attacks. to Open-Xchange - 16 upvotes, $600
  74. WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS) to Ruby - 16 upvotes, $200
  75. 2-factor authentication bypass to Algolia - 16 upvotes, $100
  76. broken authentication (password reset link not expire after use in https://network.tochka.com/sign-up) to QIWI - 16 upvotes, $100
  77. Authentication Issue to Nextcloud - 16 upvotes, $50
  78. Uninstalling Mattermost Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication to Mattermost - 16 upvotes, $0
  79. Client side authentication leads to Auth Bypass to U.S. Dept Of Defense - 16 upvotes, $0
  80. Docker Registry without authentication leads to docker images download to U.S. Dept Of Defense - 16 upvotes, $0
  81. Store Deletion or Sell without authentication to Shopify - 15 upvotes, $900
  82. Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication to Slack - 15 upvotes, $500
  83. anti_ransomware_service.exe REST API does not require authentication to Acronis - 15 upvotes, $200
  84. Mobile Authentication Endpoint Credentials Brute-Force Vulnerability to New Relic - 15 upvotes, $0
  85. Authentication Bypass & ApacheTomcat Misconfiguration in [██] to 8x8 - 15 upvotes, $0
  86. Two Factor Authentication Bypass to Ubiquiti Inc. - 14 upvotes, $500
  87. Basic Authentication Heap Overflow to Internet Bug Bounty - 13 upvotes, $6000
  88. Drupal 7 pre auth sql injection and remote code execution to Internet Bug Bounty - 13 upvotes, $3000
  89. Akismet API keys are exposed by authentication method to Automattic - 13 upvotes, $100
  90. WordPress admin is accessible without HTTP authentication to Showmax - 13 upvotes, $0
  91. Attacker can bypass authentication build on ingress external auth (nginx.ingress.kubernetes.io/auth-url) to Kubernetes - 12 upvotes, $500
  92. Leak of Platform Authentication credentials via Repeater to PortSwigger Web Security - 12 upvotes, $200
  93. Improper Restriction of Excessive Authentication Attempts at http://terrafoot.ru/login.php (Rate Limit bypass via IP Rotation) to Mail.ru - 12 upvotes, $150
  94. SSO Authentication Bypass to New Relic - 12 upvotes, $0
  95. Broken Authentication – Session Token bug to Weblate - 12 upvotes, $0
  96. SAML authentication bypass to Rocket.Chat - 12 upvotes, $0
  97. Administration Authentication Bypass on https://█████ to U.S. Dept Of Defense - 12 upvotes, $0
  98. pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment to WordPress - 11 upvotes, $650
  99. Pre-auth Denial-of-Service in Dovecot RPA implementation to Open-Xchange - 11 upvotes, $550
  100. Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm to Acronis - 10 upvotes, $250
  101. Broken authentication and session management flaw to Coursera - 10 upvotes, $0
  102. Text injection on Auth problem at urbandictionary.com to Urban Dictionary - 10 upvotes, $0
  103. Broken Authentication & Session Management (Login Bypass) at support.owox.com to OWOX, Inc. - 10 upvotes, $0
  104. Significant Two step verification Authentication Bypass to Dropbox - 10 upvotes, $0
  105. Hi! Security Team Rocket.Chat, It's possible to get information about the users emails without authentication to Rocket.Chat - 10 upvotes, $0
  106. Broken Authentication to U.S. Dept Of Defense - 10 upvotes, $0
  107. Java: CWE-522 Insecure basic authentication to GitHub Security Lab - 9 upvotes, $2300
  108. Authentication Bypass on monitoring server to Shopify - 9 upvotes, $500
  109. Lack of Sanitization and Insufficient Authentication to WordPress - 9 upvotes, $300
  110. Basic auth details is still work on report ( 351555 ) to Reverb.com - 9 upvotes, $100
  111. Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  112. Account Takeover using Third party Auth CSRF to Weblate - 9 upvotes, $0
  113. Login CSRF : Login Authentication Flaw to Weblate - 9 upvotes, $0
  114. [express-laravel-passport] Improper Authentication to Node.js third-party modules - 9 upvotes, $0
  115. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 9 upvotes, $0
  116. Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution to Rocket.Chat - 9 upvotes, $0
  117. Improper Restriction of Excessive Authentication Attempts at https://ucs.ru/login to Mail.ru - 8 upvotes, $400
  118. Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file to Nextcloud - 8 upvotes, $250
  119. Improper Authentication via previous backup code login to Basecamp - 8 upvotes, $250
  120. Exposed authentication (/cs/Satellite) to LocalTapiola - 8 upvotes, $200
  121. SMB User Authentication Bypass and Persistence to ownCloud - 8 upvotes, $150
  122. Improper Restriction of Excessive Authentication Attempts via https://certification.mail.ru/auth-form/?form=auth_certy (Rate limit Bypass) to Mail.ru - 8 upvotes, $150
  123. Improper Restriction of Excessive Authentication Attempts at https://top.mail.ru/edit? for site counter (Rate Limit bypass via IP Rotation) to Mail.ru - 8 upvotes, $150
  124. Cleartext protocol after bank authentication (yrityspalvelu.tapiola.fi) to LocalTapiola - 8 upvotes, $100
  125. Authentication Required When password change to Passit - 8 upvotes, $0
  126. Double authentication bypass to Mail.ru - 8 upvotes, $0
  127. Authentication bypass in https://nin.mtn.ng to MTN Group - 8 upvotes, $0
  128. Improper Restriction of Excessive Authentication Attempts at o2-ac.my.com/token to Mail.ru - 7 upvotes, $150
  129. Improper Restriction of Excessive Authentication Attempts at https://mirror.w1.dwar.ru/login.php to Mail.ru - 7 upvotes, $150
  130. The auth token does not expire on logging out and even after logging out all sessions to Mail.ru - 7 upvotes, $100
  131. Authentication Bypass in Updating Personal Information to Instacart - 7 upvotes, $0
  132. [ipm.informatica.com]- Broken Authentication to Informatica - 7 upvotes, $0
  133. Physical Access to Mobile App Allows Local Attribute Updates without Authentication to Uber - 7 upvotes, $0
  134. Password authentication when changing information bypass. Bypass of report #721341 to Khan Academy - 7 upvotes, $0
  135. Disclosure of internal information using hidden NTLM authentication leading to an exploit server to MTN Group - 7 upvotes, $0
  136. Authentication bypass leads to sensitive data exposure (token+secret) to Slack - 6 upvotes, $2000
  137. Compromise of auth via subset/superset namespace names. to Kubernetes - 6 upvotes, $500
  138. WordPress Authentication Denial of Service to Instacart - 6 upvotes, $100
  139. X-Content-Type-Options header missing at Auth Login to GoCD - 6 upvotes, $0
  140. HTTP - Basic Authentication on https://www.stellar.org/wp-login.php to Stellar.org - 6 upvotes, $0
  141. Cross Site Request Forgery in auth in https://auth.ratelimited.me/ to RATELIMITED - 6 upvotes, $0
  142. Improper authentication on phpmyadmin portal which is hosted in https://eventapp.engelvoelkers.com to Engel & Völkers Technology GmbH - 6 upvotes, $0
  143. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 6 upvotes, $0
  144. Unauthorized Access to Internal Server Panel without Authentication to U.S. Dept Of Defense - 6 upvotes, $0
  145. Add me email address Authentication bypass to LinkedIn - 6 upvotes, $0
  146. Pre-auth buffer over-read in Dovecot NTLM implementation to Open-Xchange - 5 upvotes, $550
  147. Payment gateway status transferred to Shopify without authentication to Shopify - 5 upvotes, $500
  148. Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met) to HackerOne - 5 upvotes, $100
  149. [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents to Tor - 5 upvotes, $100
  150. Broken authentication and invalidated email address leads to account takeover to Twitter - 5 upvotes, $0
  151. [gitmm.corp.mail.ru] Auth Bypass, Information Disclosure to Mail.ru - 5 upvotes, $0
  152. Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change to Paragon Initiative Enterprises - 5 upvotes, $0
  153. Improper authentication on registration to Semrush - 5 upvotes, $0
  154. https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 5 upvotes, $0
  155. Tokenless GUI Authentication to Kubernetes - 5 upvotes, $0
  156. Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" to U.S. Dept Of Defense - 5 upvotes, $0
  157. Critical : Access to group videos where videos are restricted for all users(Broken authentication ) to ok.ru - 4 upvotes, $150
  158. Broken Authentication and Session Management to Secret - 4 upvotes, $0
  159. HTTP-Basic Authentication on logs.nextcloud.com to Nextcloud - 4 upvotes, $0
  160. Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication to Uber - 4 upvotes, $0
  161. Broken Authentication: A project addition request can be used multiple time for different users to Semrush - 4 upvotes, $0
  162. *.shopify.com - Authentication bypass to Shopify - 4 upvotes, $0
  163. Post-Auth Stored XSS with User Interaction leads to Remote Code Execution to Rocket.Chat - 4 upvotes, $0
  164. Grafana default username password authentication into the Grafana platform of the grafana.ev-cloud-platform.engelvoelkers.com to Engel & Völkers Technology GmbH - 4 upvotes, $0
  165. Authentication Bypass - Email Verification code bypass in account registration process. to UPchieve - 4 upvotes, $0
  166. Authentication Bypass Using Default Credentials on █████ to U.S. Dept Of Defense - 4 upvotes, $0
  167. [Java] CWE-522: Insecure LDAP authentication to GitHub Security Lab - 3 upvotes, $1800
  168. Auth bypass on directory.corp.ubnt.com to Ubiquiti Inc. - 3 upvotes, $1000
  169. Urgent : Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass) to Twitter - 3 upvotes, $280
  170. Can upload files without authentication on AirFibre 3.2 to Ubiquiti Inc. - 3 upvotes, $150
  171. Improper Restriction of Excessive Authentication Attempts at https://api.warrobots.com/auth (Pixonic Games) to Mail.ru - 3 upvotes, $150
  172. Broken Authentication (including Slack OAuth bugs) to Slack - 3 upvotes, $100
  173. No rate-limit in Two factor Authentication leads to bypass using bruteforce attack to Algolia - 3 upvotes, $100
  174. Critical IDOR - Get Authentication Details of any Terminal/Gatekeeper to Veris - 3 upvotes, $0
  175. Defect-Security | Driver-Broken Authentication | Able to update the Subscription Setting anonymously to Uber - 3 upvotes, $0
  176. Open Redirect via "next" parameter in third-party authentication to Weblate - 3 upvotes, $0
  177. Existing sessions valid after removing third party auth to Weblate - 3 upvotes, $0
  178. The Uber Promo Customer Endpoint Does Not Implement Multifactor Authentication, Blacklisting or Rate Limiting to Uber - 3 upvotes, $0
  179. No authentication on email address for password reset functionality/ https://platform.thecoalition.com/forgot-password to Coalition, Inc. - 3 upvotes, $0
  180. Missing Two Factor Authentication in /admin/login to CFP Time - 3 upvotes, $0
  181. Able to view Backend Database dur to improper authentication to U.S. Dept Of Defense - 3 upvotes, $0
  182. Two-factor authentication (2FA) Bypass to BlockDev Sp. Z o.o - 3 upvotes, $0
  183. █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 3 upvotes, $0
  184. SAML authentication bypass through unauthenticated addSamlProvider Meteor Call to Rocket.Chat - 3 upvotes, $0
  185. The authentication code when activating 2FA can be used again to log in to Shopify - 3 upvotes, $0
  186. No admin audit log for auth tokens to Nextcloud - 3 upvotes, $0
  187. [JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass to GitHub Security Lab - 3 upvotes, $0
  188. Potential Authentication Bypass through "autologin" feature to ImpressCMS - 3 upvotes, $0
  189. [Python] CWE-287: LDAP Improper Authentication to GitHub Security Lab - 2 upvotes, $1800
  190. [Python] CWE-522: Insecure LDAP Authentication to GitHub Security Lab - 2 upvotes, $1800
  191. Twitter Ads Campaign information disclosure through admin without any authentication. to Twitter - 2 upvotes, $560
  192. Bypassed password authentication before enabling OTP verification to Shopify - 2 upvotes, $500
  193. Broken Authentication on Badoo to Bumble - 2 upvotes, $427
  194. MD5 used for Key-Auth signatures to WP API - 2 upvotes, $0
  195. apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP) to ownCloud - 2 upvotes, $0
  196. Email Authentication Bypass to Paragon Initiative Enterprises - 2 upvotes, $0
  197. Authentication Bypassing and Sensitive Information Disclosure on Verify Email Address in Registration Flow to Zomato - 2 upvotes, $0
  198. Missing authentication on Notification setting . to Uber - 2 upvotes, $0
  199. Not clearing hex-decoded variable after usage in Authentication to Paragon Initiative Enterprises - 2 upvotes, $0
  200. Improper access control when an added email address is deleted from authentication to Weblate - 2 upvotes, $0
  201. putty pscp client-side post-auth stack buffer overwrite when processing remote file size to Internet Bug Bounty - 2 upvotes, $0
  202. Broken Authentication and session management OWASP A2 to WakaTime - 2 upvotes, $0
  203. Password authentication at newsletter.nextcloud.com discloses username list to Nextcloud - 2 upvotes, $0
  204. [h1-2006 CTF] Multiple vulnerabilities leading to account takeover and two-factor authentication bypass allows to send pending bounty payments to h1-ctf - 2 upvotes, $0
  205. [authmagic-timerange-stateless-core] Improper Authentication to Node.js third-party modules - 2 upvotes, $0
  206. Bypass local authentication (PIN code) to Rocket.Chat - 2 upvotes, $0
  207. TOTP 2 Factor Authentication Bypass to Rocket.Chat - 2 upvotes, $0
  208. Authentication Failed Mobile version to Shopify - 1 upvotes, $500
  209. Authentication Data are not Clearing to Udemy - 1 upvotes, $150
  210. Verification code issues for Two-Step Authentication to Automattic - 1 upvotes, $100
  211. Top 10 2013-A2-Broken Authentication and Session Management - wordpress.com to Automattic - 1 upvotes, $0
  212. broken authentication to Concrete CMS - 1 upvotes, $0
  213. Weak Random Number Generator for Auth Tokens to joola.io - 1 upvotes, $0
  214. Two-factor authentication (via SMS) to Coinbase - 1 upvotes, $0
  215. Authentication bypass at fast.corp.yahoo.com to Yahoo! - 1 upvotes, $0
  216. No authentication required to add an email address. to Phabricator - 1 upvotes, $0
  217. Email Authentication bypass Vulnerability to Paragon Initiative Enterprises - 1 upvotes, $0
  218. Authentication Issue for easter egg on bonjour.uber.com to Uber - 1 upvotes, $0
  219. The application uses basic authentication. to Nextcloud - 1 upvotes, $0
  220. Broken Authentication and Session Management(Session Fixation) to Boozt Fashion AB - 1 upvotes, $0
  221. clickjacking to Semrush auth login to Semrush - 1 upvotes, $0
  222. Bypass Local Authentication (TouchID) to Dropbox - 1 upvotes, $0
  223. Improper authentication in the load sell inventory page to CS Money - 1 upvotes, $0
  224. [JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass to GitHub Security Lab - 1 upvotes, $0
  225. Broken Authentication and Session Management lead to take over account to Phabricator - 1 upvotes, $0
  226. Certificate authentication re-use on redirect to curl - 1 upvotes, $0
  227. The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su to LinkedIn - 1 upvotes, $0
  228. [api.allodsteam.com] Authentication Data to Mail.ru - 0 upvotes, $300
  229. 2 factor authentication design flaw to Coinbase - 0 upvotes, $100
  230. open authentication bug to Coinbase - 0 upvotes, $100
  231. Sensitive settings need Re authentication to WePay - 0 upvotes, $0
  232. BROKEN AUTHENTICATION IN MOBILE VERIFICATION to Twitter - 0 upvotes, $0
  233. unvalid open authentication with facebook to Vimeo - 0 upvotes, $0
  234. Broken Authentication – Session Token bug to WePay - 0 upvotes, $0
  235. Authentication errors in server side validaton of E-MAIL to Gratipay - 0 upvotes, $0
  236. Authentication Bypass in Yahoo Groups to Yahoo! - 0 upvotes, $0
  237. Authentication Bypass due to Session Mismanagement to Yahoo! - 0 upvotes, $0
  238. Broken Authentication and session management OWASP A2 to New Relic - 0 upvotes, $0