Doug1 Comment on Discovering & educating about account access

Discovering & educating about account access

This evening I discovered a possible security problem with an online service who sell a physical problem.

I’m being intentionally vague now since I’ve responsibly disclosed it to the company and they’re going to work on it. They’ve let me know I can publish a post when it’s fixed.

For ethical hackers, there is HackerOne, but to submit a bug, a) the company has to exist on the program, and b) it needs to be a code exploit (I believe).

This bug isn’t a code based exploit as such and the company don’t exist on H1 from what I can see.

I’ll update when I hear back from them.

1 thought on “Discovering & educating about account access

  1. Pingback: Is this a security exploit / good enough for bug bounty? – doug dot blog…

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close