Race Condition Leads To Duplicate Payouts

Race condition leads to duplicate payouts

15-Feb-2018

Congratulation Bulwarkers!!

HackerOne Says' : Team Bulwarkers discovered a race condition issue with some recent changes to our payments code that caused him to be able to receive duplicate payouts for some bounties.

A number of variables and timing had to be just right for it to actually allow a malicious actor to exploit this and receive duplicate payouts. Note that the companies were never double-charged for these duplicate payouts, so this monetary loss only affected HackerOne.

We’re disclosing this under Limited Visibility due to multiple mentions of private programs, e-mail addresses, specific bounties, and other sensitive information that would be too difficult to accurately redact without distracting from the overall report.

Our bounty for this issue is actually $1000, but @jigarthakkar39 already received $250 of this due to his exploitation of this particular vulnerability.

Refer: https://hackerone.com/reports/220445

Race condition leads to duplicate payouts

Post Comment

RECENT POSTS

Do I really need cybersecurity service?

IoT (Internet of Things) training at nullcon

Race condition leads to duplicate payouts

3rd Rank at Hacktheworld 2017 Compitition

Android Certificate Pinning Bypass

WordPress plugin exposes half a million sites to attack

How Uppercase/Lowercase matters in pentesting?

Big data Analytics For Cyber Security

What is Encryption and How it is important? �

Cyber Security Awareness

What Is Ethical Hacking ?

MULTI-FACTOR AUTHENTICATION IN TODAY'S DIGITAL CLIMATE

CATEGORIES

Findings (2)

HackerOne (3)

News (7)

Tools (0)