User credentials are not strong on vault.uber.com
Unknown
Vulnerability Details
I was just trying to log in to vault.uber.com.
I entered email **xx** and password **xx**, and I got logged in to someone's account.
I entered email **zz** and password **zz**, and I got logged in to someone's account.
It means password complexity and length of username/email are not enforced. This allowed me to access someone's account. Since it contains payment-related information, password complexity and email should be there.
Report Stats
- Report ID: 128895
- State: Closed
- Substate: duplicate
- Upvotes: 1