Discovering & educating about account access

This evening I discovered a possible security problem with an online service who sell a physical problem.

I’m being intentionally vague now since I’ve responsibly disclosed it to the company and they’re going to work on it. They’ve let me know I can publish a post when it’s fixed.

For ethical hackers, there is HackerOne, but to submit a bug, a) the company has to exist on the program, and b) it needs to be a code exploit (I believe).

This bug isn’t a code based exploit as such and the company don’t exist on H1 from what I can see.

I’ll update when I hear back from them.

1 thought on “Discovering & educating about account access

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close