Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Windscribe
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News NordVPN Patched a Flaw In Their Payments Platform That Exposed Users’ Details
#1
Exclamation 
In The Name OF Allah
Al-Salam Alekum

[Image: nordvpn.png]

Hello guys, Looks like NordVPN was under risk for a long time...

Quote:Reportedly, NordVPN has patched a serious flaw that could have exposed users’ details to others. First discovered by a bug bounty hunter, the vulnerability existed in their payments system.


The researcher with alias foo bar on HackerOne reported this vulnerability to NordVPN in December 2019. He found that sending a HTTP POST request without any authentication to join.nordvpn.com could let anyone view other users’ data. Doing so was simple; the attacker could simply change the numbers in the id and user_id to get the details of other users.

The said vulnerability received a high-severity rating with a score of 7 to 8.9. Upon reporting the flaw, not only NordVPN patched the vulnerability, but also awarded the researcher with a $1000 bounty.


The Source
Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Heart News Zoom Offers Custom Data Routing To Paid Users Mr.Kurd 0 515 04-16-2020, 06:47 AM
Last Post: Mr.Kurd
Star News Zoom will soon let some users choose which countries their data is routed through Mr.Kurd 0 240 04-14-2020, 09:07 AM
Last Post: Mr.Kurd
Smile News Critical Vulnerability In Bisq Crypto Exchange Exploited For Some Users Mr.Kurd 0 203 04-10-2020, 02:46 PM
Last Post: Mr.Kurd
Star News Microsoft Edge Now Alerts Users Of Breached Passwords Mr.Kurd 0 250 04-03-2020, 08:09 AM
Last Post: Mr.Kurd
Smile News Zoom Conferencing App Exposes Users Email IDs And Photos To Other Users Mr.Kurd 0 261 04-03-2020, 07:58 AM
Last Post: Mr.Kurd
Tongue News FBI takes down hacker platform Deer.io Mr.Kurd 0 221 03-27-2020, 11:34 AM
Last Post: Mr.Kurd
Rainbow News Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploi Mr.Kurd 0 266 03-26-2020, 09:03 AM
Last Post: Mr.Kurd
  News Hacker selling data of 538 million Weibo users Mr.Kurd 0 230 03-23-2020, 07:59 AM
Last Post: Mr.Kurd
Star News Trend Micro Patched Zero-Day Vulnerabilities Under Active Exploit Mr.Kurd 0 181 03-23-2020, 07:54 AM
Last Post: Mr.Kurd
Shocked News Unpatched Wormable Windows SMBv3 RCE Zero-day Flaw Leaked in Microsoft Security Updat Mr.Kurd 0 304 03-12-2020, 09:39 AM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)