Top OpenID reports from HackerOne:
- Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO to Shopify - 1839 upvotes, $16000
- Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation to Shopify - 300 upvotes, $7500
- Ability to DOS any organization's SSO and open up the door to account takeovers to Grammarly - 225 upvotes, $10500
- Stealing SSO Login Tokens (snappublisher.snapchat.com) to Snapchat - 220 upvotes, $7500
- HackerOne SAML signup domain enforcement bypass results in unauthorized access to HackerOne PullRequest organization to HackerOne - 163 upvotes, $0
- Insecure Zendesk SSO implementation by generating JWT client-side to Trint Ltd - 92 upvotes, $0
- SAML Authentication Bypass on uchat.uberinternal.com to Uber - 83 upvotes, $0
- Twitter SSO allows unverified e-mail registration, leads to Slack and social media hijacks to Zendesk - 67 upvotes, $0
- [auth2.zomato.com] Reflected XSS at oauth2/fallbacks/error | ORY Hydra an OAuth 2.0 and OpenID Connect Provider to Zomato - 46 upvotes, $0
- (HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation to HackerOne - 41 upvotes, $0
- Accidental Access to Programs Information via SAML Login to HackerOne - 32 upvotes, $0
- Authentication bypass on JetPack SSO manager - Allows to access the administration panel of wordpress without user interaction to Automattic - 32 upvotes, $0
- Ability to enumerate private programs using SAML to HackerOne - 23 upvotes, $0
- ████ discloses valid Airbnb SSO login names via Google Search Results to Airbnb - 20 upvotes, $0
- SAML Response Reuse on hackerone.com/users/saml/auth to HackerOne - 20 upvotes, $0
- Limited Open redirection using SSO-SAML to HackerOne - 16 upvotes, $0
- SSO bypass in zendesk using trint organization able to leak internal ticket information to Trint Ltd - 13 upvotes, $0
- SSO Authentication Bypass to New Relic - 12 upvotes, $0
- SSO through odnoklassniki uses http rather than https to Bumble - 12 upvotes, $0
- SAML authentication bypass to Rocket.Chat - 12 upvotes, $0
- [rev-app.informatica.com] - XXE via SAML to Informatica - 11 upvotes, $0
- Update php-saml library to 2.10.5 to Nextcloud - 7 upvotes, $0
- Open redirect on OpenID to Mail.ru - 5 upvotes, $0
- Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication to Uber - 4 upvotes, $0
- SAML authentication bypass through unauthenticated addSamlProvider Meteor Call to Rocket.Chat - 3 upvotes, $0
- SSO Provider Credential Cache (logged out of Google/GitHub, could still log into Courier) to Courier - 0 upvotes, $0