Taking Over Employee Accounts by Managers with Zero Employee Interaction

  1. I logged in with my admin credentials, then navigated to the Users section.
  2. I clicked on the employee profile and noticed that the email input could not be edited or modified.
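
The report above stops at the observation that the email box is disabled in the UI and does not state what the root cause turned out to be, so the following is an added example, not code from the program or from the author. It models the generic weakness that observation points at, an `email` field that is merely greyed out in the browser while the profile-update endpoint still honors it when an admin sends it, next to the server-side controls a practitioner would check for: an allowlist of fields an admin may edit, and email changes that only the account owner can request and confirm. The function names, the `EmailChangeFlow` class and the sample user directory are assumptions for illustration and are constructed inline.

```python
"""Illustrative model of a profile-update endpoint (added example; not the program's code).

Shows why a disabled input in the UI is not an access control, and what the
server has to enforce instead so that an admin cannot rewrite an employee's
email (and thereby hijack password resets) without the employee's involvement.
"""
from dataclasses import dataclass
import hashlib
import secrets


@dataclass
class User:
    id: int
    email: str
    role: str
    display_name: str


def make_directory():
    """Constructed sample data: one admin and one ordinary employee."""
    return {
        1: User(1, "manager@example.test", "admin", "Manager"),
        2: User(2, "employee@example.test", "employee", "Employee"),
    }


# Fields an admin is allowed to change on someone else's profile.
# `email` is deliberately absent: changing it must go through the owner.
MUTABLE_BY_ADMIN = {"display_name", "role"}


def update_profile_vulnerable(directory, actor_id, target_id, changes):
    """Mass-assigns every field in the request body.

    The only thing stopping an email change here is the `disabled` attribute
    on the form input, which is trivially removed or bypassed by editing the
    HTTP request directly.
    """
    if directory[actor_id].role != "admin":
        raise PermissionError("admins only")
    target = directory[target_id]
    for key, value in changes.items():
        setattr(target, key, value)
    return target


def update_profile_hardened(directory, actor_id, target_id, changes):
    """Same endpoint with the read-only rule enforced on the server."""
    if directory[actor_id].role != "admin":
        raise PermissionError("admins only")
    not_allowed = set(changes) - MUTABLE_BY_ADMIN
    if not_allowed:
        # Reject rather than silently drop, so the client cannot be misled
        # into thinking the change was applied.
        raise ValueError(f"not editable via this endpoint: {sorted(not_allowed)}")
    target = directory[target_id]
    for key, value in changes.items():
        setattr(target, key, value)
    return target


class EmailChangeFlow:
    """Owner-confirmed email change: the one path by which `email` may move.

    The token would be delivered to the *current* mailbox, so the change
    cannot complete with zero interaction from the account owner.
    """

    def __init__(self, directory):
        self.directory = directory
        self.pending = {}  # sha256(token) -> (user_id, new_email)

    def request(self, requester_id, user_id, new_email):
        if requester_id != user_id:
            raise PermissionError("only the account owner may change their email")
        token = secrets.token_urlsafe(32)
        self.pending[hashlib.sha256(token.encode()).hexdigest()] = (user_id, new_email)
        return token

    def confirm(self, token):
        entry = self.pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if entry is None:
            raise ValueError("invalid or already used token")
        user_id, new_email = entry
        self.directory[user_id].email = new_email
        return self.directory[user_id]


def attempt(fn, *args):
    """Run fn and report ('ok', result) or ('rejected', exception name)."""
    try:
        return ("ok", fn(*args))
    except (PermissionError, ValueError) as exc:
        return ("rejected", type(exc).__name__)


if __name__ == "__main__":
    d = make_directory()
    print(update_profile_vulnerable(d, 1, 2, {"email": "attacker@example.test"}))
    d = make_directory()
    print(attempt(update_profile_hardened, d, 1, 2, {"email": "attacker@example.test"}))
    flow = EmailChangeFlow(d)
    print(attempt(flow.request, 1, 2, "attacker@example.test"))
    print(flow.confirm(flow.request(2, 2, "new@example.test")))
```

The check to run against a real target is the same as in the model: resend the admin's profile-update request with the disabled field included and see whether the server applies it. The fix is the allowlist on the server, not the `disabled` attribute in the form.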
  • Apr 28, 2021: I recorded a video PoC and reported the issue to the private program on HackerOne.
  • Apr 29, 2021: The HackerOne team triaged the report and lowered the severity from Critical to Medium.
  • Apr 29, 2021: I asked them to reconsider the severity and to assess the bug according to the company's business risk and the impact it could have on the company's reputation and business.
  • Mar 3, 2021: Further discussion and debate about the severity between me, the HackerOne team and the program's internal team.
  • Mar 25, 2021: The program's internal team scored it as Medium, explaining that you have to be an admin/manager in order to take over the other accounts. They asked me to wait for further investigation into the root cause of this issue before issuing a bounty.
  • July 9, 2021: I asked for an update on the issue.
  • July 12, 2021: The team was still investigating.
  • July 21, 2021: The internal team kept the severity as Medium and awarded me a total of $600 ($500 bounty + $100 bonus).

Ahmad Halabi

Cyber Security Specialist | Hacker | Founder & CTO at Cybit Sec