Session issue in Coinbase Worth 1000$

by admin · Published March 9, 2016 · Updated March 13, 2016

[ads]

Session issue in Coinbase – Bug Bounty POC

Hello Bug Bounty POC viewers,This is Hisham Mir and today i will share how i found Session issue in Coinbase,This vulnerability only worked in Coinbase Android app.so Let’s start it

Coinbase is a bitcoin wallet and platform where merchants and consumers can transact with the new digital currency bitcoin.

Steps to Reproduce :
1. Login in your coinbase Wallet via Android Application and go to manage account.
2. now Login in your Coin Base Wallet Via Pc
3. Now open security setting from pc and remove all device from authorized apps
4. after removing all authorized apps from pc your android session will still validate there and you can still manage the setting from android app

After bug was publicaly disclosed on hackerone.The Ceo of Hackerone personally messaged me on facebook and congrats me well as Hackerone team congrats me on twitter as well.

Message of Hackerone CEO :

Screenshot_1

Hackerone Team Tweet :

Congrats Hisham (https://t.co/4Wgtua0BmH) for @coinbase #android bug fetching $1K bounty +making the Internet safer! https://t.co/23HjibxquU

— HackerOne (@Hacker0x01) February 21, 2016

Paulos says:

March 10, 2016 at 2:11 pm

Great and lucky catch 😉

- Hisham Mir says:
  
  March 10, 2016 at 2:52 pm
  
  Thanks 🙂 Yup Indeed Lucky it was
  
Tamra says:

March 12, 2016 at 2:33 am

extremely informative info, thanks you, +4 for information

- Hisham Mir says:
  
  March 13, 2016 at 8:30 pm
  
  I am Glad You liked it 🙂
  
Twanna Espino says:

April 30, 2016 at 5:46 am

Hello. splendid job. I did not anticipate this. This is a remarkable story. Thanks!