4799 | From an error message to DB disclosure |
Hardcoded credentials |
NA |
Yumi |
Bug Bounty | 2018-04-17 | 2023-06-13 |
4613 | https://medium.com/@mahitman1/i-own-your-customers-22e965761abd |
Information disclosure
Hardcoded credentials
AWS misconfiguration |
NA |
Muhammad Abdullah |
Bug Bounty | 2018-09-01 | 2023-06-13 |
4285 | Swiss_E-Voting_Publications |
XSS
XXE
RCE
Missing authentication
Authentication flaw
Hardcoded credentials |
Swiss E-Voting |
setuid0 (@_setuid0_) |
Bug Bounty | 2019-02-21 | 2023-06-13 |
3656 | Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC |
Information disclosure
Hardcoded credentials |
NA |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2020-02-19 | 2023-06-13 |
3321 | From N/A to Resolved For BackBlaze Android App[Hackerone Platform] Bucket Takeover |
Hardcoded credentials
Information disclosure |
BackBlaze |
Sahil Tikoo (@viperbluff) |
Bug Bounty | 2020-07-09 | 2023-06-13 |
3316 | Tenda AC15 AC1900 Vulnerabilities Discovered and Exploited |
CSRF
XSS
Hardcoded credentials
RCE |
Tenda |
Sanjana Sarda |
Bug Bounty | 2020-07-10 | 2023-06-13 |
2886 | Let’s know How I have explored the buried secrets in React Native application |
Information disclosure
Hardcoded credentials |
NA |
secureITmania (@secureitmania) |
Bug Bounty | 2021-01-18 | 2023-06-13 |
2862 | Bragging Rights(Part 1): Short story of a bug wave |
IDOR
Stored XSS
SSRF
Subdomain takeover
Hardcoded credentials |
NA |
Manas Harsh (@ManasH4rsh) |
Bug Bounty | 2021-01-27 | 2023-06-13 |
2851 | Android apk leaks access token to takeover the whole infrastructure |
Information disclosure
Hardcoded credentials
Android |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-01-30 | 2023-06-13 |
2510 | Admin Panel? Pwned! |
Information disclosure
Hardcoded credentials |
NA |
Splintersec (@splint3rsec) |
Bug Bounty | 2021-06-02 | 2023-06-13 |
2198 | Facebook Messenger for MacOS contained valid hardcoded FB access token (employee's token?) |
Hardcoded credentials |
Meta / Facebook |
Dzmitry Lukyanenka (@vulnano) |
Bug Bounty | 2021-09-23 | 2023-06-13 |
1898 | Solarwinds Web Help Desk: When the Helpdesk is too Helpful |
Information disclosure
Hardcoded credentials |
SolarWinds |
Assetnote Security Research Team (@assetnote) |
Bug Bounty | 2022-01-23 | 2023-06-13 |
1674 | Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android App |
Hardcoded credentials
Android |
NA |
Omar Espino (@omespino) |
Bug Bounty | 2022-04-01 | 2023-06-13 |
1598 | Fuzzing and credentials leakage..awesome bug hunting writeup |
Hardcoded credentials
Information disclosure |
NA |
Abdalrahman Alshammas |
Bug Bounty | 2022-04-25 | 2023-06-13 |
1449 | Personal Access Token Disclosure in Asana Desktop Application |
Information disclosure
Hardcoded credentials |
Asana |
Lauritz Holtmann (@_lauritz_) |
Bug Bounty | 2022-06-18 | 2023-06-13 |
1319 | With Management Comes Risk: Finding Flaws in FileWave MDM |
Authentication bypass
Hardcoded credentials
Information disclosure |
Filewave |
Claroty's Team82 (@Claroty) |
Bug Bounty | 2022-07-25 | 2023-06-13 |
1189 | Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager |
Hardcoded credentials
Information disclosure |
SAP |
Arpine Maghakyan |
Bug Bounty | 2022-08-22 | 2023-06-13 |
1174 | ASP.NET Boilerplate Multiple Vulnerabilities |
Authentication flaw
Hardcoded credentials
JWT
Padding oracle attack
Cryptographic issues |
Volosoft (ASP.NET Boilerplate) |
Sana Oshika (@bigshika) |
Bug Bounty | 2022-08-26 | 2023-06-13 |
1131 | Hacking My Helium Crypto Miner |
Hardcoded credentials
Missing authentication
RCE
Local Privilege Escalation |
Pycom |
Md. Asif Hossain (@0x0asif) |
Bug Bounty | 2022-09-05 | 2023-06-13 |
1107 | Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED) |
Hardcoded credentials
Memory corruption
MiTM
Information disclosure |
Baxter Healthcare |
Deral Heiland (@Percent_X) |
Bug Bounty | 2022-09-08 | 2023-06-13 |
831 | SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege |
Hardcoded credentials
Security code review
JWT
Privilege escalation |
Cisco |
- |
Bug Bounty | 2022-11-14 | 2023-06-13 |
771 | [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application |
Android
Hardcoded credentials
IDOR |
NA |
Abdelhak Kharroubi |
Bug Bounty | 2022-11-26 | 2023-06-13 |
734 | Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys |
Android
Hardcoded credentials
Client-side encryption bypass |
NA |
Aditya Dixit (@zombie007o) |
Bug Bounty | 2022-12-03 | 2023-06-13 |
678 | Better Make Sure Your Password Manager Is Secure |
Hardcoded credentials
XSS
Cryptographic issues
Authorization flaw
Authentication bypass |
Click Studios |
kuekerino (@kuekerino) |
Bug Bounty | 2022-12-19 | 2023-06-13 |
591 | YAFPC — Unauthenticated Remote Code Execution |
Authentication bypass
Hardcoded credentials
RCE |
NA |
Luke Paris |
Bug Bounty | 2023-01-14 | 2023-06-13 |