Krisp - HackerOne Reports
Total Reports: 11
Critical: 2
High: 1
Medium: 1
Low: 3
Authentication CSRF resulting in unauthorized account access on Krisp app
Reported by: yassineaboukir | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Add more seats by paying less via PUT /v2/seats request manipulation
Reported by: life__001 | Disclosed:
Severity: Medium
Weakness: Improper Input Validation
Card requirement bypass for business trial
Reported by: 20_root | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
[api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit
Reported by: alp | Disclosed:
Severity: Low
Weakness: Time-of-check Time-of-use (TOCTOU) Race Condition
Unsubscribe links leaked
Reported by: blackxxhat | Disclosed:
Authentication bypass for ███ leads to take over any users account.
Reported by: 20_root | Disclosed:
Severity: Critical
Weakness: Missing Authentication for Critical Function
Force User to Accept Attacker's invite [ Restrict user to create account]
Reported by: sammam | Disclosed:
Severity: Low
Weakness: Privilege Escalation
SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai
Reported by: mikemyers | Disclosed:
Severity: Critical
Weakness: Deserialization of Untrusted Data
Visibility Robots.txt file
Reported by: razahack | Disclosed:
Weakness: Information Disclosure
Log4j CVE-2021-44228
Reported by: karthik86 | Disclosed:
Weakness: Code Injection
Error Page Content Spoofing or Text Injection
Reported by: mrirfankhan | Disclosed:
Weakness: Violation of Secure Design Principles