Top Authentication reports from HackerOne:
- Potential pre-auth RCE on Twitter VPN to X (Formerly Twitter) - 1190 upvotes, $20160
- Improper Authentication - any user can login as other user with otp/logout & otp/login to Snapchat - 916 upvotes, $0
- Subdomain Takeover to Authentication bypass to Roblox - 746 upvotes, $0
- [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File to Mail.ru - 340 upvotes, $0
- Shopify admin authentication bypass using partners.shopify.com to Shopify - 298 upvotes, $20000
- Bypass Password Authentication for updating email and phone number - Security Vulnerability to X (Formerly Twitter) - 267 upvotes, $0
- Misuse of an authentication cookie combined with a path traversal on app.starbucks.com permitted access to restricted data to Starbucks - 227 upvotes, $0
- Spring Actuator endpoints publicly available and broken authentication to LY Corporation - 224 upvotes, $12500
- Through blocking the redirect in /* the attacker able to bypass Authentication To see Sensitive Data sush as Game Keys , Emails ,.. to Razer - 196 upvotes, $1000
- Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com to Uber - 168 upvotes, $0
- Authentication bypass on gist.github.com through SSH Certificates to GitHub - 164 upvotes, $10000
- Web Authentication Endpoint Credentials Brute-Force Vulnerability to HackerOne - 151 upvotes, $0
- 2-factor authentication can be disabled when logged in without confirming account password to Localize - 144 upvotes, $0
- [c-api.city-mobil.ru] Client authentication bypass leads to information disclosure to Mail.ru - 143 upvotes, $0
- Incorrect param parsing in Digits web authentication to X (Formerly Twitter) - 122 upvotes, $0
- RCE/LFI on test Jenkins instance due to improper authentication flow to Snapchat - 108 upvotes, $0
- Thailand - a small number of SMB CCTV footage backup servers were accessible without authentication. to Starbucks - 92 upvotes, $0
- User account compromised authentication bypass via oauth token impersonation to Picsart - 91 upvotes, $0
- SAML Authentication Bypass on uchat.uberinternal.com to Uber - 83 upvotes, $8500
- Account Takeover via SMS Authentication Flow to Zenly - 83 upvotes, $0
- Admin Authentication Bypass Lead to Admin Account Takeover to UPS VDP - 80 upvotes, $0
- Pre-auth Remote Code Execution on multiple Uber SSL VPN servers to Uber - 77 upvotes, $2000
- Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify to Helium - 77 upvotes, $0
- Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning to Semmle - 76 upvotes, $0
- OneLogin authentication bypass on WordPress sites via XMLRPC to Uber - 73 upvotes, $7000
- RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 71 upvotes, $0
- access to profile & reset password page without authentication to Tennessee Valley Authority - 63 upvotes, $0
- Broken Authentication - Security token gets captured via man in the middle attack to Automattic - 62 upvotes, $0
- Authentication Bypass to (CVE-2023-2982) to CS Money - 59 upvotes, $100
- Improper Authentication in Vimeo's API 'versions' endpoint. to Vimeo - 58 upvotes, $0
- Ability to access all user authentication tokens, leads to RCE to GitLab - 57 upvotes, $0
- insecure storage of information, you can view any file uploaded to the server without authentication and only with a single link to Radancy - 55 upvotes, $0
- Improper Authentication (Login without Registration with any user) at ████ to U.S. Dept Of Defense - 53 upvotes, $0
- Ability to log in as any user without authentication if █████████ is empty to Ubiquiti Inc. - 52 upvotes, $0
- OneLogin authentication bypass on WordPress sites to Uber - 51 upvotes, $10000
- Bypass Password Authentication to Update the Password to X (Formerly Twitter) - 51 upvotes, $0
- Two-factor authentication enforcement bypass to Nextcloud - 50 upvotes, $750
- Basic auth header on WebDAV requests is not bruteforce protected to Nextcloud - 49 upvotes, $0
- Authentication bypass in Global Site Selector allows an attacker to log in as any user to Nextcloud - 48 upvotes, $0
- Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com to Ubiquiti Inc. - 47 upvotes, $0
- [Android] Directory traversal leading to disclosure of auth tokens to Slack - 46 upvotes, $3500
- Authentication bypass for ███ leads to take over any users account. to Krisp - 44 upvotes, $0
- Login CSRF : Login Authentication Flaw on https://liberapay.com/ to Liberapay - 43 upvotes, $0
- Missing authentication in buddy group API of LINE TIMELINE to LY Corporation - 41 upvotes, $3000
- Authentication Bypass on Icinga monitoring server to Shopify - 40 upvotes, $0
- Improper Authentication inside the Rockstar Games Launcher which leads to Account takeover to some extend to Rockstar Games - 39 upvotes, $750
- Authentication token and CSRF token bypass to Enjin - 39 upvotes, $300
- Broken Authentication and Session Management Flaw After Change Password and Logout to Omise - 39 upvotes, $0
- bypass two-factor authentication in Android apps and web to TikTok - 39 upvotes, $0
- Two-factor authentication bypass on Grab Android App to Grab - 38 upvotes, $0
- PHPMYADMIN Setup is accessible without authentication on https://lml.lahitapiola.fi/ to LocalTapiola - 36 upvotes, $0
- Authentication bypass on JetPack SSO manager - Allows to access the administration panel of wordpress without user interaction to Automattic - 33 upvotes, $0
- Bypass Password Authentication to Update the Password to X (Formerly Twitter) - 31 upvotes, $0
- Authentication & Registration Bypass in Newspack Extended Access to Automattic - 31 upvotes, $0
- Bypass two-factor authentication to Slack - 30 upvotes, $500
- Authentication CSRF resulting in unauthorized account access on Krisp app to Krisp - 30 upvotes, $0
- IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls to IBM - 30 upvotes, $0
- Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com to Automattic - 29 upvotes, $0
- bypass two-factor authentication. to LinkedIn - 29 upvotes, $0
- Improper Authentication on Alertmanager instance to IBM - 29 upvotes, $0
- Authentication Bypass with usage of PreSignedURL to ownCloud - 28 upvotes, $2000
- [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth to Uber - 28 upvotes, $500
- Broken Authentication and session management OWASP A2 to HackerOne - 28 upvotes, $0
- [jitsi-meet] Authentication Bypass when using JWT w/ public keys to 8x8 - 28 upvotes, $0
- Bypass for forced re-authentication upon biometrics change to Bitwarden - 28 upvotes, $0
- Authentication Bypass by abusing Insecure crypto tokens in /lib/OA/Dal/PasswordRecovery.php: to Revive Adserver - 27 upvotes, $0
- Username restriction bypass with SSL client authentication to Open-Xchange - 26 upvotes, $1000
- CSRF in all API endpoints when authenticated using HTTP Authentication to Shopify - 26 upvotes, $0
- Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 26 upvotes, $0
- Bypass two-factor authentication to Cloudflare Public Bug Bounty - 25 upvotes, $250
- Admins can change authentication details of user configured external storage to Nextcloud - 25 upvotes, $100
- Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 25 upvotes, $0
- Broken Authentication Session Token Bug to Courier - 25 upvotes, $0
- Shop App - Attacker is able to intercept authorization code during authentication (OAuth) and is able to get access to Microsoft Outlook email account to Shopify - 24 upvotes, $900
- Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication to Rockstar Games - 24 upvotes, $250
- Authentication Issue to Coinbase - 24 upvotes, $200
- Two-factor authentication can be disabled when logged in without 2fa or password confirmation to Zivver - 24 upvotes, $0
- Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me) to LY Corporation - 24 upvotes, $0
- [www.boozt.com] - Authentication bypass to Boozt Fashion AB - 23 upvotes, $200
- CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID(2.0) is in use as AUTH_TYPE to Internet Bug Bounty - 22 upvotes, $2580
- Docker Registry without authentication leads to docker images download to U.S. Dept Of Defense - 22 upvotes, $0
- Administration page visible without authentication to Visma Public - 21 upvotes, $100
- Broken Authentication and session management OWASP A2 to Liberapay - 21 upvotes, $0
- Improper restriction of excessive authentication attempts on WebDAV endpoint to Nextcloud - 21 upvotes, $0
- Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth to WordPress - 20 upvotes, $0
- Broken Authentication and Session Management to Phabricator - 19 upvotes, $0
- Access to all █████████ files, including CAC authentication bypass to U.S. Dept Of Defense - 19 upvotes, $0
- Client side authentication leads to Auth Bypass to U.S. Dept Of Defense - 18 upvotes, $0
- Disavowed an email without any authentication to Liberapay - 18 upvotes, $0
- Bypassing password authentication of users that have 2FA enabled to GitLab - 17 upvotes, $0
- IDOR - Access to private video thumbnails even if video requires password authentication to Pornhub - 17 upvotes, $0
- Pre-Auth Blind NoSQL Injection leading to Remote Code Execution to Rocket.Chat - 17 upvotes, $0
- Uninstalling Mattermost Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication to Mattermost - 17 upvotes, $0
- Dovecot authentication is vulnerable to timing attacks. to Open-Xchange - 16 upvotes, $600
- Authentication Issue to Nextcloud - 16 upvotes, $50
- 2-factor authentication bypass to Algolia - 16 upvotes, $0
- WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS) to Ruby - 16 upvotes, $0
- Store Deletion or Sell without authentication to Shopify - 16 upvotes, $0
- broken authentication (password reset link not expire after use in https://network.tochka.com/sign-up) to QIWI - 16 upvotes, $0
- Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication to Slack - 15 upvotes, $500
- Drupal 7 pre auth sql injection and remote code execution to Internet Bug Bounty - 15 upvotes, $0
- Mobile Authentication Endpoint Credentials Brute-Force Vulnerability to New Relic - 15 upvotes, $0
- anti_ransomware_service.exe REST API does not require authentication to Acronis - 15 upvotes, $0
- Authentication Bypass & ApacheTomcat Misconfiguration in [██] to 8x8 - 15 upvotes, $0
- Two Factor Authentication Bypass to Ubiquiti Inc. - 14 upvotes, $0
- Akismet API keys are exposed by authentication method to Automattic - 14 upvotes, $0
- WordPress admin is accessible without HTTP authentication to Showmax - 13 upvotes, $0
- Improper Restriction of Excessive Authentication Attempts at http://terrafoot.ru/login.php (Rate Limit bypass via IP Rotation) to Mail.ru - 13 upvotes, $0
- Administration Authentication Bypass on https://█████ to U.S. Dept Of Defense - 13 upvotes, $0
- Basic Authentication Heap Overflow to Internet Bug Bounty - 13 upvotes, $0
- Leak of Platform Authentication credentials via Repeater to PortSwigger Web Security - 12 upvotes, $200
- SSO Authentication Bypass to New Relic - 12 upvotes, $0
- Broken Authentication – Session Token bug to Weblate - 12 upvotes, $0
- SAML authentication bypass to Rocket.Chat - 12 upvotes, $0
- Attacker can bypass authentication build on ingress external auth (`nginx.ingress.kubernetes.io/auth-url`) to Kubernetes - 12 upvotes, $0
- Pre-auth Denial-of-Service in Dovecot RPA implementation to Open-Xchange - 11 upvotes, $550
- Broken authentication and session management flaw to Coursera - 11 upvotes, $0
- Broken Authentication & Session Management (Login Bypass) at support.owox.com to OWOX, Inc. - 11 upvotes, $0
- pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment to WordPress - 11 upvotes, $0
- Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm to Acronis - 10 upvotes, $250
- Text injection on Auth problem at urbandictionary.com to Urban Dictionary - 10 upvotes, $0
- Significant Two step verification Authentication Bypass to Dropbox - 10 upvotes, $0
- Hi! Security Team Rocket.Chat, It's possible to get information about the users emails without authentication to Rocket.Chat - 10 upvotes, $0
- Improper Restriction of Excessive Authentication Attempts at https://top.mail.ru/edit? for site counter (Rate Limit bypass via IP Rotation) to Mail.ru - 10 upvotes, $0
- Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution to Rocket.Chat - 10 upvotes, $0
- Disclosure of internal information using hidden NTLM authentication leading to an exploit server to MTN Group - 10 upvotes, $0
- Broken Authentication to U.S. Dept Of Defense - 10 upvotes, $0
- Authentication bypass in ████████ to MTN Group - 10 upvotes, $0
- Java: CWE-522 Insecure basic authentication to GitHub Security Lab - 9 upvotes, $2300
- Authentication Bypass on monitoring server to Shopify - 9 upvotes, $0
- Authentication bypass vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
- Account Takeover using Third party Auth CSRF to Weblate - 9 upvotes, $0
- Login CSRF : Login Authentication Flaw to Weblate - 9 upvotes, $0
- Lack of Sanitization and Insufficient Authentication to WordPress - 9 upvotes, $0
- Exposed authentication (/cs/Satellite) to LocalTapiola - 9 upvotes, $0
- Basic auth details is still work on report ( 351555 ) to Reverb.com - 9 upvotes, $0
- [express-laravel-passport] Improper Authentication to Node.js third-party modules - 9 upvotes, $0
- Improper Restriction of Excessive Authentication Attempts at https://ucs.ru/login to Mail.ru - 9 upvotes, $0
- Improper Restriction of Excessive Authentication Attempts via https://certification.mail.ru/auth-form/?form=auth_certy (Rate limit Bypass) to Mail.ru - 9 upvotes, $0
- Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 9 upvotes, $0
- Improper Authentication via previous backup code login to Basecamp - 9 upvotes, $0
- SMB User Authentication Bypass and Persistence to ownCloud - 8 upvotes, $0
- Cleartext protocol after bank authentication (yrityspalvelu.tapiola.fi) to LocalTapiola - 8 upvotes, $0
- Authentication Required When password change to Passit - 8 upvotes, $0
- Double authentication bypass to Mail.ru - 8 upvotes, $0
- Physical Access to Mobile App Allows Local Attribute Updates without Authentication to Uber - 8 upvotes, $0
- Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file to Nextcloud - 8 upvotes, $0
- Unauthorized Access to Internal Server Panel without Authentication to U.S. Dept Of Defense - 8 upvotes, $0
- Elasticsearch is currently open without authentication on https://██████l to U.S. Dept Of Defense - 8 upvotes, $0
- WordPress Authentication Denial of Service to Instacart - 7 upvotes, $100
- Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met) to HackerOne - 7 upvotes, $0
- Broken authentication and invalidated email address leads to account takeover to X (Formerly Twitter) - 7 upvotes, $0
- Authentication Bypass in Updating Personal Information to Instacart - 7 upvotes, $0
- [ipm.informatica.com]- Broken Authentication to Informatica - 7 upvotes, $0
- The auth token does not expire on logging out and even after logging out all sessions to Mail.ru - 7 upvotes, $0
- Improper Restriction of Excessive Authentication Attempts at o2-ac.my.com/token to Mail.ru - 7 upvotes, $0
- Password authentication when changing information bypass. Bypass of report #721341 to Khan Academy - 7 upvotes, $0
- Improper Restriction of Excessive Authentication Attempts at https://mirror.w1.dwar.ru/login.php to Mail.ru - 7 upvotes, $0
- Authentication bypass leads to sensitive data exposure (token+secret) to Slack - 6 upvotes, $2000
- Broken Authentication and Session Management to Secret - 6 upvotes, $0
- Critical : Access to group videos where videos are restricted for all users(Broken authentication ) to ok.ru - 6 upvotes, $0
- X-Content-Type-Options header missing at Auth Login to GoCD - 6 upvotes, $0
- Payment gateway status transferred to Shopify without authentication to Shopify - 6 upvotes, $0
- [gitmm.corp.mail.ru] Auth Bypass, Information Disclosure to Mail.ru - 6 upvotes, $0
- HTTP - Basic Authentication on https://www.stellar.org/wp-login.php to Stellar.org - 6 upvotes, $0
- Cross Site Request Forgery in auth in https://auth.ratelimited.me/ to RATELIMITED - 6 upvotes, $0
- Compromise of auth via subset/superset namespace names. to Kubernetes - 6 upvotes, $0
- Improper authentication on phpmyadmin portal which is hosted in https://eventapp.engelvoelkers.com to Engel & Völkers Technology GmbH - 6 upvotes, $0
- Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 6 upvotes, $0
- Add me email address Authentication bypass to LinkedIn - 6 upvotes, $0
- Authentication bypass leads to Information Disclosure at U.S Air Force "https://███" to U.S. Dept Of Defense - 6 upvotes, $0
- Pre-auth buffer over-read in Dovecot NTLM implementation to Open-Xchange - 5 upvotes, $550
- Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change to Paragon Initiative Enterprises - 5 upvotes, $0
- [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents to Tor - 5 upvotes, $0
- Improper authentication on registration to Semrush - 5 upvotes, $0
- https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass to U.S. Dept Of Defense - 5 upvotes, $0
- Post-Auth Stored XSS with User Interaction leads to Remote Code Execution to Rocket.Chat - 5 upvotes, $0
- Tokenless GUI Authentication to Kubernetes - 5 upvotes, $0
- Authentication Bypass Using Default Credentials on █████ to U.S. Dept Of Defense - 5 upvotes, $0
- Urgent : Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass) to X (Formerly Twitter) - 4 upvotes, $280
- Broken Authentication (including Slack OAuth bugs) to Slack - 4 upvotes, $0
- HTTP-Basic Authentication on logs.nextcloud.com to Nextcloud - 4 upvotes, $0
- Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication to Uber - 4 upvotes, $0
- Broken Authentication: A project addition request can be used multiple time for different users to Semrush - 4 upvotes, $0
- *.shopify.com - Authentication bypass to Shopify - 4 upvotes, $0
- Grafana default username password authentication into the Grafana platform of the grafana.ev-cloud-platform.engelvoelkers.com to Engel & Völkers Technology GmbH - 4 upvotes, $0
- Authentication Bypass - Email Verification code bypass in account registration process. to UPchieve - 4 upvotes, $0
- [Java] CWE-522: Insecure LDAP authentication to GitHub Security Lab - 3 upvotes, $1800
- Twitter Ads Campaign information disclosure through admin without any authentication. to X (Formerly Twitter) - 3 upvotes, $560
- No rate-limit in Two factor Authentication leads to bypass using bruteforce attack to Algolia - 3 upvotes, $100
- MD5 used for Key-Auth signatures to WP API - 3 upvotes, $0
- apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP) to ownCloud - 3 upvotes, $0
- Auth bypass on directory.corp.ubnt.com to Ubiquiti Inc. - 3 upvotes, $0
- Critical IDOR - Get Authentication Details of any Terminal/Gatekeeper to Veris - 3 upvotes, $0
- Defect-Security | Driver-Broken Authentication | Able to update the Subscription Setting anonymously to Uber - 3 upvotes, $0
- Open Redirect via "next" parameter in third-party authentication to Weblate - 3 upvotes, $0
- Can upload files without authentication on AirFibre 3.2 to Ubiquiti Inc. - 3 upvotes, $0
- Existing sessions valid after removing third party auth to Weblate - 3 upvotes, $0
- The Uber Promo Customer Endpoint Does Not Implement Multifactor Authentication, Blacklisting or Rate Limiting to Uber - 3 upvotes, $0
- No authentication on email address for password reset functionality/ https://platform.thecoalition.com/forgot-password to Coalition, Inc. - 3 upvotes, $0
- Missing Two Factor Authentication in /admin/login to CFP Time - 3 upvotes, $0
- Able to view Backend Database dur to improper authentication to U.S. Dept Of Defense - 3 upvotes, $0
- Two-factor authentication (2FA) Bypass to BlockDev Sp. Z o.o - 3 upvotes, $0
- Broken Authentication and session management OWASP A2 to WakaTime - 3 upvotes, $0
- █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files to U.S. Dept Of Defense - 3 upvotes, $0
- Improper Restriction of Excessive Authentication Attempts at https://api.warrobots.com/auth (Pixonic Games) to Mail.ru - 3 upvotes, $0
- SAML authentication bypass through unauthenticated `addSamlProvider` Meteor Call to Rocket.Chat - 3 upvotes, $0
- The authentication code when activating 2FA can be used again to log in to Shopify - 3 upvotes, $0
- No admin audit log for auth tokens to Nextcloud - 3 upvotes, $0
- [JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass to GitHub Security Lab - 3 upvotes, $0
- Potential Authentication Bypass through "autologin" feature to ImpressCMS - 3 upvotes, $0
- Bypass local authentication (PIN code) to Rocket.Chat - 3 upvotes, $0
- TOTP 2 Factor Authentication Bypass to Rocket.Chat - 3 upvotes, $0
- [Python] CWE-287: LDAP Improper Authentication to GitHub Security Lab - 2 upvotes, $1800
- [Python] CWE-522: Insecure LDAP Authentication to GitHub Security Lab - 2 upvotes, $1800
- Authentication Failed Mobile version to Shopify - 2 upvotes, $500
- Broken Authentication on Badoo to Bumble - 2 upvotes, $427
- Top 10 2013-A2-Broken Authentication and Session Management - wordpress.com to Automattic - 2 upvotes, $0
- broken authentication to Concrete CMS - 2 upvotes, $0
- Weak Random Number Generator for Auth Tokens to joola.io - 2 upvotes, $0
- Two-factor authentication (via SMS) to Coinbase - 2 upvotes, $0
- Authentication bypass at fast.corp.yahoo.com to Yahoo! - 2 upvotes, $0
- Verification code issues for Two-Step Authentication to Automattic - 2 upvotes, $0
- Bypassed password authentication before enabling OTP verification to Shopify - 2 upvotes, $0
- Email Authentication Bypass to Paragon Initiative Enterprises - 2 upvotes, $0
- Authentication Bypassing and Sensitive Information Disclosure on Verify Email Address in Registration Flow to Zomato - 2 upvotes, $0
- Missing authentication on Notification setting . to Uber - 2 upvotes, $0
- Not clearing hex-decoded variable after usage in Authentication to Paragon Initiative Enterprises - 2 upvotes, $0
- Improper access control when an added email address is deleted from authentication to Weblate - 2 upvotes, $0
- putty pscp client-side post-auth stack buffer overwrite when processing remote file size to Internet Bug Bounty - 2 upvotes, $0
- Password authentication at newsletter.nextcloud.com discloses username list to Nextcloud - 2 upvotes, $0
- [h1-2006 CTF] Multiple vulnerabilities leading to account takeover and two-factor authentication bypass allows to send pending bounty payments to h1-ctf - 2 upvotes, $0
- [authmagic-timerange-stateless-core] Improper Authentication to Node.js third-party modules - 2 upvotes, $0
- 2 factor authentication design flaw to Coinbase - 1 upvotes, $0
- BROKEN AUTHENTICATION IN MOBILE VERIFICATION to X (Formerly Twitter) - 1 upvotes, $0
- unvalid open authentication with facebook to Vimeo - 1 upvotes, $0
- open authentication bug to Coinbase - 1 upvotes, $0
- Authentication errors in server side validaton of E-MAIL to Gratipay - 1 upvotes, $0
- Authentication Bypass in Yahoo Groups to Yahoo! - 1 upvotes, $0
- Authentication Bypass due to Session Mismanagement to Yahoo! - 1 upvotes, $0
- [api.allodsteam.com] Authentication Data to Mail.ru - 1 upvotes, $0
- Authentication Data are not Clearing to Udemy - 1 upvotes, $0
- No authentication required to add an email address. to Phabricator - 1 upvotes, $0
- Email Authentication bypass Vulnerability to Paragon Initiative Enterprises - 1 upvotes, $0
- Authentication Issue for easter egg on bonjour.uber.com to Uber - 1 upvotes, $0
- The application uses basic authentication. to Nextcloud - 1 upvotes, $0
- Broken Authentication and Session Management(Session Fixation) to Boozt Fashion AB - 1 upvotes, $0
- clickjacking to Semrush auth login to Semrush - 1 upvotes, $0
- Bypass Local Authentication (TouchID) to Dropbox - 1 upvotes, $0
- Improper authentication in the load sell inventory page to CS Money - 1 upvotes, $0
- [JAVA]: CWE-347 - Improper Verification of Cryptographic Signature : Potential for Auth Bypass to GitHub Security Lab - 1 upvotes, $0
- Broken Authentication and Session Management lead to take over account to Phabricator - 1 upvotes, $0
- Certificate authentication re-use on redirect to curl - 1 upvotes, $0
- The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su to LinkedIn - 1 upvotes, $0
- Sensitive settings need Re authentication to WePay - 0 upvotes, $0
- Broken Authentication – Session Token bug to WePay - 0 upvotes, $0
- Broken Authentication and session management OWASP A2 to New Relic - 0 upvotes, $0