Starbucks - HackerOne Reports
Total Reports: 128
Critical: 20
High: 39
Medium: 41
Low: 21

Brute Force Attack against PIN on Card History Page Could Lead to Card Information Discovery / Fraud
Reported by: kylecolson | Disclosed:
Weakness: Violation of Secure Design Principles

Create New User Whilst Logged On
Reported by: id-is-vulnerable | Disclosed:
Weakness: Open Redirect

Able to bypass information requirements before launching a Chat.
Reported by: notahackman | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)

India - OTP bypass on Phone number verification for account creation
Reported by: deksterh11 | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic

Information Exposure Through an Error Message at news.starbucks.com
Reported by: seytan6161 | Disclosed:
Severity: Medium
Weakness: Information Exposure Through an Error Message

CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card
Reported by: darwinks | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

China - Leaked credentials permitted a limited ability to create Starbucks coupons and cards
Reported by: b006e4ea768a5d1b5340969 | Disclosed:
Severity: High
Weakness: Insufficiently Protected Credentials

Persistent CSRF in /GiftCert-AddToBasket prevents purchases on eCommerce sites
Reported by: inhibitor181 | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)