Ping Identity - HackerOne Reports
Total Reports: 11
Critical: 0
High: 2
Medium: 3
Low: 5
CSRF in Inviting users
Reported by: rijalrojan
Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)
Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone
Reported by: thruster
Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Stored XSS in Application menu via Home Page Url
Reported by: renniepak
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
SaaS admin can modify/delete/get user information.
Reported by: rijalrojan
Disclosed:
Severity: High
Weakness: Privilege Escalation
Server-Side Request Forgery on SAML Application - Import via URL
Reported by: ziot
Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $450.00
Forbidden access to https://apps-staging.pingone.com but "/packages.json" visible and full path disclosure
Reported by: mjigar821
Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
Bounty: $100.00
No valid SPF record not found
Reported by: aravindn
Disclosed:
Weakness: Improper Authentication - Generic
Google Maps API key leaked during device pairing
Reported by: bug_digger21
Disclosed:
Severity: Medium
Weakness: Information Exposure Through Sent Data
Bounty: $150.00
Session misconfiguration on forget password feature at https://ort-admin.pingone.com
Reported by: gujjuboy10x00
Disclosed:
Severity: Low
Weakness: Insufficient Session Expiration
Session misconfiguration on change password feature at https://apps-staging.pingone.com/myaccount/?environmentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#
Reported by: gujjuboy10x00
Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Internal Hostname disclosure from multiple Apache servers via blank host header method
Reported by: jackb898
Disclosed:
Severity: Low
Weakness: Information Disclosure
Bounty: $150.00