[High] user/profile API exposes password

The secure.simplybook.me/v2/rest/user/profile response payload exposes the password.

Steps:

Create a new profile

Visit v2/r/welcome/#/tour/services

Check the secure.simplybook.me/v2/rest/user/profile endpoint in the Network tab: the password is exposed

We could not reproduce the issue for two reasons:

  • this endpoint is available to authenticated users only
  • the password is hashed

You can reproduce this issue with any account.

Steps to reproduce:

  1. Register a new user.

  2. Log in with that user.

  3. Open the Network tab after logging in (for example, while on v2/r/welcome/#/tour/services).

  4. Inspect the network requests.

Result:
The user’s hashed password is returned in the response.
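The bug class behind this report, shown as an added example that is not SimplyBook.me's code: a profile endpoint that serialises the whole user record (including the stored password hash) beside an allowlist-based serialiser, plus a small audit routine you can run over any captured response body from the Network tab to flag credential-looking keys or hash-looking values. The record shape, field names and hash prefixes are assumptions for illustration; the sample record and hash string are constructed.

```javascript
// Added example, not code from SimplyBook.me. Field names and the record
// shape are assumed for illustration; the sample record is constructed.

// Constructed sample record, as a typical ORM row might look.
const SAMPLE_USER = {
  id: 42,
  email: "user@example.com",
  name: "Example User",
  // Constructed bcrypt-style placeholder string, not a real hash of anything.
  password: "$2y$10$abcdefghijklmnopqrstuu0123456789abcdefghijklmnopqrstuvw",
  created_at: "2024-01-01T00:00:00Z",
};

// Vulnerable pattern: whatever the data layer returns goes straight to the
// client, so every column of the user row (hash included) leaks.
function profileResponseUnsafe(user) {
  return JSON.stringify(user);
}

// Hardened pattern: an explicit allowlist of the fields the client may see.
// Anything added to the table later stays hidden until it is listed here.
const PROFILE_FIELDS = ["id", "email", "name", "created_at"];
function profileResponseSafe(user) {
  const out = {};
  for (const key of PROFILE_FIELDS) {
    if (key in user) out[key] = user[key];
  }
  return JSON.stringify(out);
}

// Audit helper: walks a parsed JSON body and returns the paths of keys whose
// names look like credentials, or whose string values carry a common
// password-hash prefix (bcrypt $2a/$2b/$2y, argon2, sha-crypt $5/$6).
const SENSITIVE_KEY = /pass|pwd|secret|hash|token|salt/i;
const HASH_VALUE = /^\$(2[aby]|argon2(id|i|d)|5|6)\$/;

function findSensitiveKeys(value, path = "$") {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((v, i) => hits.push(...findSensitiveKeys(v, `${path}[${i}]`)));
  } else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) {
      const p = `${path}.${k}`;
      if (SENSITIVE_KEY.test(k) || (typeof v === "string" && HASH_VALUE.test(v))) {
        hits.push(p);
      }
      hits.push(...findSensitiveKeys(v, p));
    }
  }
  return hits;
}

// Entry point for a captured response body (e.g. pasted from the Network tab).
function auditResponseBody(body) {
  return findSensitiveKeys(JSON.parse(body));
}

console.log("unsafe:", auditResponseBody(profileResponseUnsafe(SAMPLE_USER)));
console.log("safe:  ", auditResponseBody(profileResponseSafe(SAMPLE_USER)));
```

The audit flags the `password` field in the unsafe response and nothing in the allowlisted one; the value-based check also catches a hash stored under an innocuous key name, which a key-name filter alone would miss.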

Hi, thank you. The issue is confirmed and fixed.

This finding is eligible for our bug bounty program. Please register here (Researchers | Intigriti) so we can invite you to our bug bounty program on this platform.

Hi, thank you for the update.
I have registered on Intigriti successfully (profile/gautamparmar).
Please let me know if you need any additional information from my side to proceed with the bug bounty invitation.

Invited you to our bounty program there.

Hi @mib,

Thank you for the invitation.

May I know whether the reported issue has been considered for a bug bounty reward and if there are any further steps required from my side?

Hi, yes, the issue you reported is considered for a bug bounty. Please just report the same to us via Intigriti for formal approval, as we use this platform for bug bounties.

Hi @mib,

I have submitted the report on Intigriti as requested. Here is the submission ID for your reference:

/submissions/SIMPLYBOOK-QF9UWC9U

Thank you!

Yes, thank you. The submission is accepted and closed (as we fixed it already). Your bounty reward payment should be done also.