Skip to content

Latest commit

 

History

History
315 lines (231 loc) · 4.42 KB

readme.md

File metadata and controls

315 lines (231 loc) · 4.42 KB
Raw

Title

The Microsoft Store Uber App Does Not Implement Server-side Token Revocation

URL

https://hackerone.com/reports/293363

Severity score

null

Reporter

gregoryvperry

Bounty paid

null

Title

No Session change on Password change

URL

https://hackerone.com/reports/280585

Severity score

null

Reporter

craxermgr

Bounty paid

null

Title

No expiration of session ID after Password change

URL

https://hackerone.com/reports/223327

Severity score

null

Reporter

str33

Bounty paid

null

Title

No session expiry after log-out and session id exposed in URL

URL

https://hackerone.com/reports/434715

Severity score

null

Reporter

amalyoman

Bounty paid

$300

Title

The Federalsit session cookie (federalist.sid) is not properly invalidated - backdoor access to the account is possible

URL

https://hackerone.com/reports/250688

Severity score

null

Reporter

sp1d3rs

Bounty paid

$150

Title

Able to continue user creation process after deleting the HTML element that shows the message that the session is closed

URL

https://hackerone.com/reports/810400

Severity score

null

Reporter

gamliel

Bounty paid

$100

Title

Invalidate session after password reset on https://polldaddy.com

URL

https://hackerone.com/reports/273881

Severity score

null

Reporter

nullsaint

Bounty paid

null

Title

Доступ к аккаунту после смены пароля.

URL

https://hackerone.com/reports/490402

Severity score

1.8

Reporter

rogov

Bounty paid

$100

Title

Bypassing Protection Mechanism: Change of Account Name after Session Log out

URL

https://hackerone.com/reports/789305

Severity score

null

Reporter

ashmek

Bounty paid

null

Title

Failure to Invalid Session after Password Change

URL

https://hackerone.com/reports/514577

Severity score

null

Reporter

d3tonator

Bounty paid

null

Title

Session misconfiguration on forget password feature at https://ort-admin.pingone.com

URL

https://hackerone.com/reports/659957

Severity score

null

Reporter

gujjuboy10x00

Bounty paid

$100

Title

Узнаем несколько цифр номера телефона юзера (можно флудить смс), всего раз узнав его remixsid и его ид юзера, и установка оффлайна юзерам.

URL

https://hackerone.com/reports/390126

Severity score

7.3

Reporter

povargek

Bounty paid

$300

Title

Improper session handling on web browsers

URL

https://hackerone.com/reports/347748

Severity score

null

Reporter

arjuniet

Bounty paid

$560

Title

Keychain data persistence may lead to account takeover

URL

https://hackerone.com/reports/761975

Severity score

null

Reporter

0x3c3e

Bounty paid

$100

Title

Session replay vulnerability in www.urbandictionary.com

URL

https://hackerone.com/reports/216294

Severity score

8.8

Reporter

tcpiplab

Bounty paid

null

Title

Weak Session ID Implementation - No Session change on Password change

URL

https://hackerone.com/reports/272839

Severity score

null

Reporter

wdem

Bounty paid

$40

Title

Session replay vulnerability in app.workbox.dk domain

URL

https://hackerone.com/reports/808731

Severity score

null

Reporter

hacker_bullish

Bounty paid

$100

Title

Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session

URL

https://hackerone.com/reports/417382

Severity score

3.9

Reporter

japz

Bounty paid

$500

Title

Old sessions does not expire On changing password via https://app.passit.io/account/change-password

URL

https://hackerone.com/reports/357625

Severity score

null

Reporter

mitsoova

Bounty paid

null

Title

Admin web sessions remain active after logout of Shopify ID

URL

https://hackerone.com/reports/952035

Severity score

null

Reporter

jaka_tingkir

Bounty paid

$1,000

Title

Improper Session management can cause account takeover[https://micropurchase.18f.gov]

URL

https://hackerone.com/reports/263873

Severity score

null

Reporter

tikoo_sahil

Bounty paid

null