Heroku Bug Bounty 2015 (API) - Re Auth Session Token Bypass Web Vulnerability
An application-side re-auth session bypass vulnerability has been discovered in the official Heroku API and web-application service. The vulnerability allows an attacker to request unauthorized information without passing the second, forced re-authentication module.
The Heroku web service provides all of its web services with a session-expiry function that prevents a page from being visited without re-authentication. The session of the dataclips editor page and of the Postgres service allows a user, for example, to add new context. If the session expires in the main Heroku web service, the user is forced to log in again.