Red Security

NordVPN Patched a Flaw In Their Payments Platform That Exposed Users’ Details
In the Name of Allah
Al-Salam Alekum

Hello guys, looks like NordVPN was at risk for a long time...

Quote: Reportedly, NordVPN has patched a serious flaw that could have exposed users’ details to others. First discovered by a bug bounty hunter, the vulnerability existed in their payments system.


The researcher with the alias foo bar on HackerOne reported this vulnerability to NordVPN in December 2019. He found that sending an HTTP POST request without any authentication to join.nordvpn.com could let anyone view other users’ data. Doing so was simple; the attacker could simply change the numbers in the id and user_id to get the details of other users.

The said vulnerability received a high-severity rating with a score of 7 to 8.9. Upon reporting the flaw, NordVPN not only patched the vulnerability, but also awarded the researcher a $1000 bounty.


The Source
Wa Salam Alekum
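
The flaw described in the quoted report comes down to a lookup that trusts the id and user_id sent by the client, with no authentication or ownership check. The following is an added example, not part of the original post and not NordVPN's code: it shows that flawed pattern beside a hardened handler. The handler names, record fields, session store and sample data are all hypothetical.

```python
# Constructed sample data: two customers' payment records (not real data).
ORDERS = {
    1001: {"user_id": 501, "email": "alice@example.test", "amount": "11.95"},
    1002: {"user_id": 502, "email": "bob@example.test", "amount": "83.88"},
}
# Constructed session store: bearer token -> authenticated user id.
SESSIONS = {"tok-alice": 501, "tok-bob": 502}


def lookup_vulnerable(body, headers):
    """Flawed pattern: no session check; id and user_id come from the body."""
    order = ORDERS.get(body.get("id"))
    if order is None or order["user_id"] != body.get("user_id"):
        return 404, {}
    return 200, order  # whole record goes to whoever supplied matching numbers


def lookup_hardened(body, headers):
    """Caller identity comes from the session; body user_id is ignored."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    caller = SESSIONS.get(token) if scheme == "Bearer" else None
    if caller is None:
        return 401, {}  # unauthenticated requests never reach the data
    order_id = body.get("id")
    order = ORDERS.get(order_id) if isinstance(order_id, int) else None
    # Same 404 for "no such order" and "someone else's order", so the
    # response does not reveal which ids exist.
    if order is None or order["user_id"] != caller:
        return 404, {}
    # Return only the fields the page needs, not the stored record.
    return 200, {"id": order_id, "amount": order["amount"]}


if __name__ == "__main__":
    foreign = {"id": 1002, "user_id": 502}  # Bob's record, requested by others
    alice = {"Authorization": "Bearer tok-alice"}
    print("vulnerable, no auth:   ", lookup_vulnerable(foreign, {}))
    print("hardened, no auth:     ", lookup_hardened(foreign, {}))
    print("hardened, wrong owner: ", lookup_hardened(foreign, alice))
    print("hardened, own record:  ", lookup_hardened({"id": 1001}, alice))
```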