Deleting Teams implemenation

Disclosed: 2014-08-21 00:47:38 By cliantech To slack
Unknown
Vulnerability Details
When deleting a team, it needed a proper authentication. It does not re authenticate the user if he is the legit owner who is trying to delete the team. In a case where, we leave our account for a few minutes and somebody walks by then quickly delete our team. Clifford
Actions
View on HackerOne
Report Stats
  • Report ID: 2975
  • State: Closed
  • Substate: informative
  • Upvotes: 1
Share this report