Making program preference -> program visibility feature useless and disclosing API Identifier in the progress and data that may cause potential IDORs.
Low
HackerOne
Team Summary
Official summary from HackerOne
@spongebhav identified a vulnerability that let a victim believe their program membership wasn't shown on their profile, when in reality, it was. This could be used to identify system users of a program when the program blocked this.
Reported by
spongebhav
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure