Stats Token doesn't expire after deactivating account
Low
C
Chaturbate
Submitted None
Team Summary
Official summary from Chaturbate
The hacker found that the stats token, that a user can use to access their own account information, does not expire when an account is deactivated. This was resolved so the view could not be used after deactivation.
Actions:
Reported by
encrypt
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$250.00
Submitted
Weakness
Improper Access Control - Generic