Red Security
News NordVPN Patched a Flaw In Their Payments Platform That Exposed Users’ Details

NordVPN Patched a Flaw In Their Payments Platform That Exposed Users’ Details - Mr.Kurd - 03-09-2020

In The Name Of Allah
Al-Salam Alekum

Hello guys, looks like NordVPN was at risk for a long time...

Quote: Reportedly, NordVPN has patched a serious flaw that could have exposed users’ details to others. First discovered by a bug bounty hunter, the vulnerability existed in their payments system.


The researcher with the alias foo bar on HackerOne reported this vulnerability to NordVPN in December 2019. He found that sending an HTTP POST request without any authentication to join.nordvpn.com could let anyone view other users’ data. Doing so was simple; the attacker could simply change the numbers in the id and user_id to get the details of other users.

The said vulnerability received a high-severity rating with a score of 7 to 8.9. After the flaw was reported, NordVPN not only patched the vulnerability but also awarded the researcher a $1000 bounty.


The Source
Wa Salam Alekum
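
The flaw described in the quoted report combines two missing checks: no authentication on the request, and no check that the requested record belongs to the caller. The sketch below is an added example, not part of the original post and not NordVPN's code; the handler names, the session table and the sample records are all hypothetical and constructed for illustration.

```python
# Added illustration: every name and record here is hypothetical.
PAYMENTS = {  # payment id -> record (constructed sample data)
    1001: {"user_id": 1, "email": "alice@example.test", "amount": "11.95"},
    1002: {"user_id": 2, "email": "bob@example.test", "amount": "83.88"},
}
SESSIONS = {"token-alice": 1, "token-bob": 2}  # session token -> user id


def lookup_vulnerable(body):
    """Pattern described in the report: no authentication, and the record
    is selected purely by the id/user_id values the client sends."""
    rec = PAYMENTS.get(body.get("id"))
    if rec is None or rec["user_id"] != body.get("user_id"):
        return 404, None
    return 200, rec


def lookup_hardened(session_token, body):
    """Authenticate first, then authorize against the server-side identity.
    A client-supplied user_id is ignored, never trusted."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        return 401, None          # unauthenticated requests stop here
    payment_id = body.get("id")
    if not isinstance(payment_id, int):
        return 400, None          # reject malformed identifiers
    rec = PAYMENTS.get(payment_id)
    # Same 404 for "does not exist" and "belongs to someone else", so the
    # response does not confirm which ids are valid.
    if rec is None or rec["user_id"] != user_id:
        return 404, None
    return 200, rec
```

Using non-sequential identifiers and rate limiting lookups make enumeration harder to carry out and easier to detect, but the ownership check is the actual fix.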