The Microsoft Store Uber App Does Not Implement Server-side Token Revocation
https://hackerone.com/reports/293363
null
gregoryvperry
null
No Session change on Password change
https://hackerone.com/reports/280585
null
craxermgr
null
No expiration of session ID after Password change
https://hackerone.com/reports/223327
null
str33
null
No session expiry after log-out and session id exposed in URL
https://hackerone.com/reports/434715
null
amalyoman
$300
The Federalist session cookie (federalist.sid) is not properly invalidated - backdoor access to the account is possible
https://hackerone.com/reports/250688
null
sp1d3rs
$150
Able to continue user creation process after deleting the HTML element that shows the message that the session is closed
https://hackerone.com/reports/810400
null
gamliel
$100
Invalidate session after password reset on https://polldaddy.com
https://hackerone.com/reports/273881
null
nullsaint
null
Access to the account after a password change.
https://hackerone.com/reports/490402
1.8
rogov
$100
Bypassing Protection Mechanism: Change of Account Name after Session Log out
https://hackerone.com/reports/789305
null
ashmek
null
Failure to Invalidate Session after Password Change
https://hackerone.com/reports/514577
null
d3tonator
null
Session misconfiguration on forget password feature at https://ort-admin.pingone.com
https://hackerone.com/reports/659957
null
gujjuboy10x00
$100
Learning several digits of a user's phone number (SMS flooding is possible) after obtaining their remixsid and user ID just once, and setting users offline.
https://hackerone.com/reports/390126
7.3
povargek
$300
Improper session handling on web browsers
https://hackerone.com/reports/347748
null
arjuniet
$560
Keychain data persistence may lead to account takeover
https://hackerone.com/reports/761975
null
0x3c3e
$100
Session replay vulnerability in www.urbandictionary.com
https://hackerone.com/reports/216294
8.8
tcpiplab
null
Weak Session ID Implementation - No Session change on Password change
https://hackerone.com/reports/272839
null
wdem
$40
Session replay vulnerability in app.workbox.dk domain
https://hackerone.com/reports/808731
null
hacker_bullish
$100
Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session
https://hackerone.com/reports/417382
3.9
japz
$500
Old sessions do not expire on changing password via https://app.passit.io/account/change-password
https://hackerone.com/reports/357625
null
mitsoova
null
Admin web sessions remain active after logout of Shopify ID
https://hackerone.com/reports/952035
null
jaka_tingkir
$1,000
Improper Session management can cause account takeover [https://micropurchase.18f.gov]
https://hackerone.com/reports/263873
null
tikoo_sahil
null