Discovering & educating about account access

This evening I discovered a possible security problem with an online service who sell a physical problem.

I’m being intentionally vague now since I’ve responsibly disclosed it to the company and they’re going to work on it. They’ve let me know I can publish a post when it’s fixed.

For ethical hackers, there is HackerOne, but to submit a bug, a) the company has to exist on the program, and b) it needs to be a code exploit (I believe).

This bug isn’t a code-based exploit as such and the company don’t exist on H1 from what I can see.

I’ll update when I hear back from them.
