Biscuit's Bug Bounty Playbook

👋Introduction to Biscuit's Bug Bounty Playbook
Mains
Bug Bounty Reports & Articles
Bug Bounty Platforms
Exploiting Technologies

Powered by GitBook

On this page

Bug Bounty Reports & Articles

7️⃣Broken Access Control & Broken Authentication

⚙️2FA Functionality

PreviousPassword Reset Functionality NextOauth Functionality

Last updated 5 months ago

GitLab disclosed on HackerOne: Ability to bypass email verification...HackerOne

Glassdoor disclosed on HackerOne: 2FA bypass by sending blank codeHackerOne

Khan Academy disclosed on HackerOne: Email Verification Bypass...HackerOne

Shopify disclosed on HackerOne: Email Confirmation Bypass in...HackerOne

HackerOne disclosed on HackerOne: Changing the 2FA secret key and...HackerOne

Nextcloud disclosed on HackerOne: Two-factor authentication...HackerOne

Simple logic flaw lead to P3 bug in public BBPMedium