TOPOPENID.md

File metadata and controls

28 lines (27 loc) · 3.8 KB

Top OpenID reports from HackerOne:

  1. Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO to Shopify - 1839 upvotes, $16000
  2. Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation to Shopify - 300 upvotes, $7500
  3. Ability to DOS any organization's SSO and open up the door to account takeovers to Grammarly - 225 upvotes, $10500
  4. Stealing SSO Login Tokens (snappublisher.snapchat.com) to Snapchat - 220 upvotes, $7500
  5. HackerOne SAML signup domain enforcement bypass results in unauthorized access to HackerOne PullRequest organization to HackerOne - 163 upvotes, $0
  6. Insecure Zendesk SSO implementation by generating JWT client-side to Trint Ltd - 92 upvotes, $0
  7. SAML Authentication Bypass on uchat.uberinternal.com to Uber - 83 upvotes, $0
  8. Twitter SSO allows unverified e-mail registration, leads to Slack and social media hijacks to Zendesk - 67 upvotes, $0
  9. [auth2.zomato.com] Reflected XSS at oauth2/fallbacks/error | ORY Hydra an OAuth 2.0 and OpenID Connect Provider to Zomato - 46 upvotes, $0
  10. (HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation to HackerOne - 41 upvotes, $0
  11. Accidental Access to Programs Information via SAML Login to HackerOne - 32 upvotes, $0
  12. Authentication bypass on JetPack SSO manager - Allows to access the administration panel of wordpress without user interaction to Automattic - 32 upvotes, $0
  13. Ability to enumerate private programs using SAML to HackerOne - 23 upvotes, $0
  14. ████ discloses valid Airbnb SSO login names via Google Search Results to Airbnb - 20 upvotes, $0
  15. SAML Response Reuse on hackerone.com/users/saml/auth to HackerOne - 20 upvotes, $0
  16. Limited Open redirection using SSO-SAML to HackerOne - 16 upvotes, $0
  17. SSO bypass in zendesk using trint organization able to leak internal ticket information to Trint Ltd - 13 upvotes, $0
  18. SSO Authentication Bypass to New Relic - 12 upvotes, $0
  19. SSO through odnoklassniki uses http rather than https to Bumble - 12 upvotes, $0
  20. SAML authentication bypass to Rocket.Chat - 12 upvotes, $0
  21. [rev-app.informatica.com] - XXE via SAML to Informatica - 11 upvotes, $0
  22. Update php-saml library to 2.10.5 to Nextcloud - 7 upvotes, $0
  23. Open redirect on OpenID to Mail.ru - 5 upvotes, $0
  24. Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication to Uber - 4 upvotes, $0
  25. SAML authentication bypass through unauthenticated addSamlProvider Meteor Call to Rocket.Chat - 3 upvotes, $0
  26. SSO Provider Credential Cache (logged out of Google/GitHub, could still log into Courier) to Courier - 0 upvotes, $0