Arne Swinnen
Web Application Security Researcher
Menu Close
  • Home
  • Research
    • Exploit Development
    • Mobile Security
    • Publications
    • Web Security
  • Contact

Month: June 2016

0

HackerOne Web Authentication Endpoint Credentials Brute-Force Vulnerability

Posted on June 27, 2016 by Arne Swinnen

I publicly disclosed a vulnerability that I found on and reported to the HackerOne platform. It involved a brute-force rate limiting protection bypass via IPv6. It can be found here.

Web Security

Recent Posts

  • Authentication bypass on Uber’s Single Sign-On via subdomain takeover
  • Authentication bypass on Airbnb via OAuth tokens theft
  • Authentication bypass on Ubiquity’s Single Sign-On via subdomain takeover

Recent Comments

  • Arne Swinnen on Authentication bypass on Uber’s Single Sign-On via subdomain takeover
  • Jack on Authentication bypass on Uber’s Single Sign-On via subdomain takeover
  • Murali Kumar on Authentication bypass on Airbnb via OAuth tokens theft

Archives

  • June 2017 (2)
  • November 2016 (1)
  • October 2016 (2)
  • September 2016 (1)
  • July 2016 (1)
  • June 2016 (1)
  • May 2016 (1)
  • March 2016 (1)
  • February 2016 (1)
  • August 2014 (2)
  • November 2013 (2)
  • September 2013 (1)
© 2023 Arne Swinnen. All rights reserved.
Hiero by aThemes