Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum

News 

NordVPN Patched a Flaw In Their Payments Platform That Exposed Users’ Details

0 Replies, 1666 Views

In The Name OF Allah
Al-Salam Alekum

[Image: nordvpn.png]

Hello guys, Looks like NordVPN was under risk for a long time...

Quote:Reportedly, NordVPN has patched a serious flaw that could have exposed users’ details to others. First discovered by a bug bounty hunter, the vulnerability existed in their payments system.


The researcher with alias foo bar on HackerOne reported this vulnerability to NordVPN in December 2019. He found that sending a HTTP POST request without any authentication to join.nordvpn.com could let anyone view other users’ data. Doing so was simple; the attacker could simply change the numbers in the id and user_id to get the details of other users.

The said vulnerability received a high-severity rating with a score of 7 to 8.9. Upon reporting the flaw, not only NordVPN patched the vulnerability, but also awarded the researcher with a $1000 bounty.


The Source
Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy
(This post was last modified: 03-09-2020, 05:34 PM by Mr.Kurd.)

Messages In This Thread
NordVPN Patched a Flaw In Their Payments Platform That Exposed Users’ Details - by Mr.Kurd - 03-09-2020, 05:34 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
Star News Claroty Details Vulnerabilities in Schneider PLCs News 0 1,712 11-11-2020, 09:07 AM
Last Post: News
Star News IoT Vulnerability Disclosure Platform Launched News 0 1,796 10-20-2020, 09:58 AM
Last Post: News
Star News Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform News 0 1,497 08-26-2020, 03:41 AM
Last Post: News
Big Grin News Researchers Warn of High-Severity Dell PowerEdge Server Flaw Mr.Kurd 0 1,600 07-29-2020, 11:42 AM
Last Post: Mr.Kurd
Heart News Zoom Offers Custom Data Routing To Paid Users Mr.Kurd 0 2,019 04-16-2020, 06:47 AM
Last Post: Mr.Kurd
Star News Zoom will soon let some users choose which countries their data is routed through Mr.Kurd 0 1,691 04-14-2020, 09:07 AM
Last Post: Mr.Kurd
Smile News Critical Vulnerability In Bisq Crypto Exchange Exploited For Some Users Mr.Kurd 0 1,693 04-10-2020, 02:46 PM
Last Post: Mr.Kurd
Star News Microsoft Edge Now Alerts Users Of Breached Passwords Mr.Kurd 0 2,294 04-03-2020, 08:09 AM
Last Post: Mr.Kurd
Smile News Zoom Conferencing App Exposes Users Email IDs And Photos To Other Users Mr.Kurd 0 1,779 04-03-2020, 07:58 AM
Last Post: Mr.Kurd
Tongue News FBI takes down hacker platform Deer.io Mr.Kurd 0 1,636 03-27-2020, 11:34 AM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)