
HackerOne Awarded $3500 Bounties For Two Vulnerabilities

by ethhack

HackerOne isn’t only a platform that helps businesses stay safe. It also welcomes bug reports from researchers about its own vulnerabilities, and it acknowledges their efforts by awarding bounties. Recently, HackerOne awarded $3500 in bounties within two days to different researchers who reported information disclosure vulnerabilities affecting the platform.

HackerOne Information Disclosure Vulnerabilities

Reportedly, the popular cybersecurity platform HackerOne exhibited two different security flaws. Specifically, two different researchers found information disclosure vulnerabilities affecting different features of the platform.

The first of these vulnerabilities caught the attention of a researcher with the alias ‘nathand’. As elaborated in a HackerOne report, they found that searching for specific words in Hacktivity exposed some private or redacted information through search results. According to the researcher,

By abusing this, an attacker could reveal content hidden in a limited disclosed report.

However, HackerOne clarified that this issue only affected some publicly disclosed reports. They also assured that the bug had not been exploited. The vulnerability received a medium severity rating with a score of 4.4.

Another researcher with the alias ‘ayid’ found the other information-exposing vulnerability. As elaborated in another report, he noticed that latest_activity_id and latest_activity_at exposed internal discussion to unauthorized users. HackerOne rated this bug as a ‘low’ severity flaw with a score of 3.4.

Researchers Won $3500 Bounties

HackerOne promptly acknowledged both bugs and patched them. Not only did the platform fix the vulnerabilities, it also awarded the researchers bounties. Specifically, the researcher nathand received $2500, whereas ayid received $1000.

Following the fixes, HackerOne permitted public disclosure of the flaws.

HackerOne is a platform known for fostering coordination between businesses and the cybersecurity community. The platform helps firms stay safe from potential cyber attacks, while researchers get the opportunity to earn money for their efforts in finding vulnerabilities.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]