Session issue in Coinbase Worth 1000$
Session issue in Coinbase – Bug Bounty POC
Hello Bug Bounty POC viewers, this is Hisham Mir, and today I will share how I found a session issue in Coinbase. This vulnerability only worked in the Coinbase Android app, so let's start.
Coinbase is a bitcoin wallet and platform where merchants and consumers can transact with the new digital currency bitcoin.
Steps to Reproduce:
1. Log in to your Coinbase wallet via the Android application and go to Manage Account.
2. Now log in to your Coinbase wallet via PC.
3. Now open the security settings from the PC and remove all devices from the authorized apps.
4. After removing all authorized apps from the PC, your Android session is still valid and you can still manage the settings from the Android app.
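A minimal server-side model of the behaviour in steps 1 to 4, as an added example that is not from the original report or Coinbase's code. The page does not state the root cause, so the `SessionStore` class, its method names and the user "alice" are assumptions; it shows a revocation that only clears the device list beside one that also invalidates the tokens bound to those devices.

```python
import secrets


class SessionStore:
    """Constructed model of per-device sessions (all names hypothetical)."""

    def __init__(self):
        self.devices = {}  # device_id -> {"user": ..., "label": ...}
        self.tokens = {}   # token -> {"user": ..., "device_id": ...}

    def login(self, user, label):
        device_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)
        self.devices[device_id] = {"user": user, "label": label}
        self.tokens[token] = {"user": user, "device_id": device_id}
        return token

    def remove_all_devices_weak(self, user):
        # Weak: only clears the "authorized apps" list; issued tokens stay live.
        self.devices = {d: v for d, v in self.devices.items() if v["user"] != user}

    def remove_all_devices(self, user):
        # Hardened: drop the device records AND every token bound to them.
        self.remove_all_devices_weak(user)
        self.tokens = {t: v for t, v in self.tokens.items() if v["user"] != user}

    def validate_weak(self, token):
        # Weak: accepts any known token and never re-checks its device.
        return token in self.tokens

    def validate(self, token):
        # Hardened: the token must exist and its device must still be authorized.
        entry = self.tokens.get(token)
        return entry is not None and entry["device_id"] in self.devices


def replay_steps(hardened):
    """Replay steps 1-4; return True if the Android session survives removal."""
    store = SessionStore()
    android = store.login("alice", "Android app")  # step 1
    store.login("alice", "PC browser")             # step 2
    if hardened:
        store.remove_all_devices("alice")          # step 3
        return store.validate(android)             # step 4
    store.remove_all_devices_weak("alice")         # step 3 (weak variant)
    return store.validate_weak(android)            # step 4


if __name__ == "__main__":
    print("weak model, Android session survives:", replay_steps(False))
    print("hardened model, Android session survives:", replay_steps(True))
```

Checking the device binding in `validate` also rejects the stale token when only the weak removal ran, so either control alone closes the gap in this model.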
After the bug was publicly disclosed on HackerOne, the CEO of HackerOne personally messaged me on Facebook and congratulated me, and the HackerOne team congratulated me on Twitter as well.
Message of Hackerone CEO :
Hackerone Team Tweet :
Congrats Hisham (https://t.co/4Wgtua0BmH) for @coinbase #android bug fetching $1K bounty +making the Internet safer! https://t.co/23HjibxquU
— HackerOne (@Hacker0x01) February 21, 2016
Great and lucky catch 😉
Thanks 🙂 Yup Indeed Lucky it was
Extremely informative info, thank you, +4 for information
I am Glad You liked it 🙂
Hello. splendid job. I did not anticipate this. This is a remarkable story. Thanks!