Wednesday, July 18, 2018

Dealing with a security vulnerability

A few days ago, one of my websites, which is run by an American startup, received an email containing details of a possible security vulnerability. The email was forwarded to me and I followed up on the situation.

The email came from a gentleman from the Netherlands named Thijs, who is a security researcher and a university student:


After doing further research, it was evident that the vulnerability was present on the site and affected search pages only. The vulnerability was resolved within hours.

The affected search page has received 43 million search queries since 2016; it is highly likely that the security vulnerability has been exploited:


I cannot reveal any further details of the vulnerability, but I am glad that it was resolved. Thijs was rewarded with a small bounty of $100:


Ethical white-hat security researchers like Thijs should be cherished. Had I been able to increase the bounty reward for Thijs, I would have done it.