Authentication Bypass on monitoring server

Disclosed: 2017-01-11 17:42:10 By jamesclyde To shopify
Low
Vulnerability Details
Hello, This issue has the same impact as this one: #143482. But the fix is not complete, there is a shopify subdomain (VPN server) where you still can connect your google account. This should be hide and protected. So you guys need to change this so that only shopify.com Google accounts are accepted. POC screen: ███████ Let me know about it and happy new year!! Jamesclyde90
Actions
View on HackerOne
Report Stats
  • Report ID: 194832
  • State: Closed
  • Substate: resolved
  • Upvotes: 9
Share this report