Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3356149 by 0x7ashish
The application requires users to enable 2FA before sending team invitations. However, this restriction can be bypassed by modifying the response on the client side (a match-and-replace rule that changes false to true), which indicates the requirement is checked only in the client. Invitations can then be sent without 2FA enabled, defeating the security requirement.
Sign up / log in to the application.
Go to the Team section.
Try to invite a new member → the application blocks the request, requiring 2FA.
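The root cause described above, shown as an added example that is not code from the report or the affected application: an invite handler that relies on the UI gate, next to one that checks the stored 2FA state for the authenticated session. The user records, handler names, field names and status codes are assumptions made for illustration.

```javascript
// Constructed sample data: server-side user records (hypothetical schema).
const users = new Map([
  ["alice", { twoFactorEnabled: true }],
  ["bob", { twoFactorEnabled: false }],
]);
const invitations = [];

// Profile data sent to the browser. The UI uses it only to decide whether
// to show the invite form, so anything that alters it in transit or in the
// browser changes what the UI allows.
function profileResponse(userId) {
  return { twoFactorEnabled: users.get(userId).twoFactorEnabled };
}

// Weak pattern: the handler assumes the UI already gated the user and
// never consults server-side state.
function inviteUnchecked(session, email) {
  invitations.push({ from: session.userId, email });
  return { status: 201 };
}

// Corrected pattern: the decision comes from the stored record of the
// authenticated session, never from a value the client saw or sent.
function inviteEnforced(session, email) {
  const user = users.get(session.userId);
  if (!user) return { status: 401, error: "unauthenticated" };
  if (!user.twoFactorEnabled) return { status: 403, error: "2fa_required" };
  invitations.push({ from: session.userId, email });
  return { status: 201 };
}

// Models a client whose copy of the profile response reads "true"
// regardless of the stored value, then submits the invite request.
function simulateTamperedClient(handler, userId) {
  const seenByUi = { ...profileResponse(userId), twoFactorEnabled: true };
  // The UI gate passes on the altered value, so the request reaches the server.
  return seenByUi.twoFactorEnabled
    ? handler({ userId }, "new.member@example.test")
    : null;
}
```

With the enforced handler, the altered response only changes what the UI displays; the server still rejects the invitation for an account without 2FA.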
HackerOne disclosed report --> https://hackerone.com/reports/3543475 by xavlimsg
HackerOne disclosed report --> https://hackerone.com/reports/3020021 by adilnbabras
HackerOne disclosed report --> https://hackerone.com/reports/3325582 by adilnbabras