faspex.uber.com uses an invalid SSL certificate

Disclosed: 2016-07-07 23:03:32 By ddworken To uber

Unknown

Vulnerability Details

The SSL certificate deployed on faspex.uber.com was originally issued for faspex.ubersp.com. This means the certificate is invalid for that domain and when loaded will display an error in the user's browser. Since this is an uber internal page, uber employees are most likely getting used to clicking through SSL errors which opens them up to future MITM attacks. Thanks, David Dworken

Actions

View on HackerOne

Report Stats

Report ID: 146847
State: Closed
Substate: informative
Upvotes: 2

faspex.uber.com uses an invalid SSL certificate

Vulnerability Details

Actions

Report Stats

Share this report