Hackerone impersonation
Unknown
Vulnerability Details
You should restrict users to create user profile named "hacker0x01" because it represents 'hackerone' everywhere. Any user can create a profile named "hacker0x01" although he/she is a completely different user. This way user can potentially impersonate hackerone.
Actions
View on HackerOneReport Stats
- Report ID: 97377
- State: Closed
- Substate: resolved
- Upvotes: 3