Keybase


reports in last 90 days

28 disclosed resolved issues

1 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
| --- | --- | --- | --- | --- | --- |
| Medium | Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS] | None supplied | metnew | Time to triage: 0 Days and 20 hours; Time to close: 289 Days and 0 hours | Resolved |
| High | Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template | Cross-site Scripting (XSS) - Stored | jordanmilne | Issue was not triaged; Time to close: 32 Days and 6 hours | Resolved |
| High | Local privilege escalation bug using Keybase redirector on macOS | Privilege Escalation | votava | Time to triage: 0 Days and 19 hours; Time to close: 40 Days and 0 hours | Resolved |
| Medium | macOS privilege escalation via keybase install | Privilege Escalation | mirchr | Time to triage: 3 Days and 18 hours; Time to close: 33 Days and 5 hours | Resolved |
| High | Privilege Escalation through Keybase Installer via Helper | Privilege Escalation | jinmo123 | Time to triage: 0 Days and 4 hours; Time to close: 31 Days and 8 hours | Resolved |
| High | Privilege Escalation via Keybase Helper (incomplete security fix) | Privilege Escalation | 0xcccc | Time to triage: 0 Days and 1 hours; Time to close: 41 Days and 23 hours | Resolved |
| High | Privilege Escalation via Keybase Helper | Privilege Escalation | xpn | Time to triage: 0 Days and 3 hours; Time to close: 64 Days and 22 hours | Resolved |
| High | Linux privilege escalation via trusted $PATH in keybase-redirector | Privilege Escalation | mirchr | Time to triage: 0 Days and 2 hours; Time to close: 0 Days and 12 hours | Resolved |
| Low | Fix bypass of different processing of usernames on Hackernews | Business Logic Errors | mishre | Time to triage: 0 Days and 4 hours; Time to close: 2 Days and 19 hours | Resolved |
| Low | Difference in query string parameter processing between Hacker News and Keybase Chrome extension spawns chat to incorrect user | Violation of Secure Design Principles | tomnomnom | Time to triage: 0 Days and 22 hours; Time to close: 10 Days and 11 hours | Resolved |
| No rating | Keybase extension hostname-validation regular expression issue. | Business Logic Errors | edoverflow | Time to triage: 0 Days and 0 hours; Time to close: 4 Days and 22 hours | Resolved |
| Low | Claiming ownership of GitHub handles via forked GitHub gists. | Business Logic Errors | edoverflow | Time to triage: 2 Days and 1 hours; Time to close: 0 Days and 1 hours | Resolved |
| Medium | Universal Cross-Site Scripting in Keybase Chrome extension | Cross-site Scripting (XSS) - DOM | jupenur | Issue was not triaged; Time to close: 2 Days and 23 hours | Resolved |
| No rating | Denial of Service through set_preference.json | Denial of Service | cablej | Issue was not triaged; Time to close: 0 Days and 0 hours | Resolved |
| No rating | [keybase.io] Open Redirect | Open Redirect | bobrov | Issue was not triaged; Time to close: 56 Days and 23 hours | Resolved |
| No rating | Race conditions can be used to bypass invitation limit | None supplied | franjkovic | Time to triage: 2 Days and 17 hours; Time to close: 65 Days and 3 hours | Resolved |
| No rating | Un-handled exception leads to Information Disclosure | Information Disclosure | sarwarjahan | Time to triage: 0 Days and 5 hours; Time to close: 200 Days and 12 hours | Resolved |
| No rating | Register multiple users using one invitation (race condition) | None supplied | franjkovic | Issue was not triaged; Time to close: 5 Days and 6 hours | Resolved |
| No rating | Remote Server Restart Lead to Denial of Service by only one Request. | Denial of Service | ahmed_abdalla | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 0 hours | Resolved |
| No rating | Remote Server Restart Lead to Denial of Server by only one Request. | Denial of Service | ahmed_abdalla | Time to triage: 0 Days and 0 hours; Time to close: 2 Days and 6 hours | Resolved |
| No rating | Content spoofing due to the improper behavior of the not-found message | Violation of Secure Design Principles | saeedhashem | Issue was not triaged; Time to close: 0 Days and 22 hours | Resolved |
| No rating | Sensitive server-side/application information disclosure | Information Disclosure | sarwar_jahan_m | Issue was not triaged; Time to close: 98 Days and 16 hours | Resolved |
| No rating | xss | Cross-site Scripting (XSS) - Generic | geeknik | Issue was not triaged; Time to close: 22 Days and 12 hours | Informative |
| No rating | NO SPF RECORDS | Violation of Secure Design Principles | mafia | Issue was not triaged; Time to close: 3 Days and 23 hours | Resolved |
| No rating | SMTP protection not used | Violation of Secure Design Principles | test-123 | Issue was not triaged; Time to close: 4 Days and 0 hours | Resolved |