Edit Auto Response Messages

Disclosed: 2016-03-15 03:01:18 By rohk To security
Unknown
Vulnerability Details
Not completely sure if this is by design due to encountering it for the first time. When a company has `auto response` turned on, the reporter can change the contents of the message without any problems. The reporter should not be able to change the contents of the company's auto response in any way due to the fact that they should not have privileges to that feature.

PoC: Users can abuse this by changing the contents of the auto response to something else.
Report Stats
  • Report ID: 123027
  • State: Closed
  • Substate: resolved
  • Upvotes: 4