Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum

News 

NordVPN Patched a Flaw In Their Payments Platform That Exposed Users’ Details

0 Replies, 1161 Views

In The Name OF Allah
Al-Salam Alekum

[Image: nordvpn.png]

Hello guys, Looks like NordVPN was under risk for a long time...

Quote:Reportedly, NordVPN has patched a serious flaw that could have exposed users’ details to others. First discovered by a bug bounty hunter, the vulnerability existed in their payments system.


The researcher with alias foo bar on HackerOne reported this vulnerability to NordVPN in December 2019. He found that sending a HTTP POST request without any authentication to join.nordvpn.com could let anyone view other users’ data. Doing so was simple; the attacker could simply change the numbers in the id and user_id to get the details of other users.

The said vulnerability received a high-severity rating with a score of 7 to 8.9. Upon reporting the flaw, not only NordVPN patched the vulnerability, but also awarded the researcher with a $1000 bounty.


The Source
Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy
(This post was last modified: 03-09-2020, 05:34 PM by Mr.Kurd.)

Possibly Related Threads…
Thread Author Replies Views Last Post
Star News Claroty Details Vulnerabilities in Schneider PLCs News 0 928 11-11-2020, 09:07 AM
Last Post: News
Star News IoT Vulnerability Disclosure Platform Launched News 0 962 10-20-2020, 09:58 AM
Last Post: News
Star News Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform News 0 874 08-26-2020, 03:41 AM
Last Post: News
Big Grin News Researchers Warn of High-Severity Dell PowerEdge Server Flaw Mr.Kurd 0 1,029 07-29-2020, 11:42 AM
Last Post: Mr.Kurd
Heart News Zoom Offers Custom Data Routing To Paid Users Mr.Kurd 0 1,454 04-16-2020, 06:47 AM
Last Post: Mr.Kurd
Star News Zoom will soon let some users choose which countries their data is routed through Mr.Kurd 0 1,151 04-14-2020, 09:07 AM
Last Post: Mr.Kurd
Smile News Critical Vulnerability In Bisq Crypto Exchange Exploited For Some Users Mr.Kurd 0 1,128 04-10-2020, 02:46 PM
Last Post: Mr.Kurd
Star News Microsoft Edge Now Alerts Users Of Breached Passwords Mr.Kurd 0 1,384 04-03-2020, 08:09 AM
Last Post: Mr.Kurd
Smile News Zoom Conferencing App Exposes Users Email IDs And Photos To Other Users Mr.Kurd 0 1,243 04-03-2020, 07:58 AM
Last Post: Mr.Kurd
Tongue News FBI takes down hacker platform Deer.io Mr.Kurd 0 1,127 03-27-2020, 11:34 AM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)