Sifchain - HackerOne Reports
Total Reports: 71
Critical: 0
High: 3
Medium: 4
Low: 15
No Rate Limit in email leads to huge Mass mailings
Reported by:
sudhakarsurya
|
Disclosed:
Clickjacking Vulnerability in sifchain.finance
Reported by:
lemon_in-the_spoon
|
Disclosed:
Weakness: UI Redressing (Clickjacking)
HTTPS not enforced at dex.sifchain.finance
Reported by:
zelzal
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Dependency Confusion Vulnerability in Sifnode Due to Unclaimed npm Packages.
Reported by:
0xcachefl0w
|
Disclosed:
Weakness: Code Injection
CORS misconfiguration
Reported by:
legacy_defender
|
Disclosed:
Weakness: Business Logic Errors
Email spoofing
Reported by:
tmsm
|
Disclosed:
Weakness: Improper Authentication - Generic
wrong url in hackerone > goes to wix.com > unconnected
Reported by:
mhohlfeld
|
Disclosed:
Low
Weakness: Misconfiguration
ETHEREUM_PRIVATE_KEY leaked via Open Github Repository
Reported by:
fozisimi
|
Disclosed:
Weakness: Cleartext Storage of Sensitive Information
Vulnerability : Email Spoofing
Reported by:
tajammul
|
Disclosed:
No Valid SPF Records/don't have DMARC record
Reported by:
himan253
|
Disclosed:
Weakness: Improper Authentication - Generic
Wrong implementation of Telegram link on the main page for PC users
Reported by:
ibrahimatix0x01
|
Disclosed:
Weakness: Misconfiguration
Origin IP Disclosure Vulnerability
Reported by:
uniquekamboj6738
|
Disclosed:
Bootstrap library is vulnerable
Reported by:
sathish87
|
Disclosed:
Low
Weakness: Inclusion of Functionality from Untrusted Control Sphere
Subdomain Takeover At the Main Domain Of Your Site
Reported by:
ahmedelmalky
|
Disclosed:
Low
Weakness: Improper Access Control - Generic
Private RSA key for Vagrant exposed in GitHub repository
Reported by:
sdushantha
|
Disclosed:
Weakness: Insecure Storage of Sensitive Information
ETHEREUM_PRIVATE_KEY leaked
Reported by:
dexter34
|
Disclosed:
Weakness: Cleartext Storage of Sensitive Information
SSH server due to Improper Signature Verification
Reported by:
escanor56
|
Disclosed:
High
CVEs:
CVE-2020-9283
Private eth key found
Reported by:
fle_xxx
|
Disclosed:
xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service
Reported by:
malagham
|
Disclosed:
Weakness: Uncontrolled Resource Consumption
Bounty: $50.00
Email Spoofing on sifchain.finance
Reported by:
ibrahimatix0x01
|
Disclosed:
Low