HackerOne is a hugely popular bug bounty platform that connects ethical hackers with organizations that pay rewards for vulnerabilities found in their software, services or products.

PayPal said that it "implemented additional controls on the security challenge request to prevent token reuse, which resolved the issue, and no evidence of abuse was found."

Hacking for cash and kudos

Within 24 hours, PayPal had patched the vulnerability. The exploit was validated by HackerOne 18 days later, and Birsan received his bounty payment on December 10.

As Birsan said, however, in the real world of the social engineering attack, "the only user interaction needed would have been a single visit to an attacker-controlled web page."

PayPal patches password vulnerability

Birsan submitted his proof of concept of all the above to PayPal, via the HackerOne bug bounty platform, on November 18, 2019.