Paragonie


reports in last 90 days

17

disclosed resolved issues

31

disclosed informative issues

12

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Medium | Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki | Improper Access Control - Generic | nitish_mathur | Issue was not triaged; Time to close: 1 Days and 12 hours | Informative |
| None | BAD Code ! | Command Injection - Generic | kholy | Issue was not triaged; Time to close: 0 Days and 0 hours | Not-applicable |
| No rating | Github repo's wiki publicly editable | Improper Access Control - Generic | whitehat_hacker | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative |
| Medium | Airship: Persistent XSS via Comment | Cross-site Scripting (XSS) - Stored | foobar7 | Issue was not triaged; Time to close: 107 Days and 3 hours | Resolved |
| No rating | Incomplete fix for #181225 (target=_blank vulnerability) | None supplied | cablej | Time to triage: 3 Days and 2 hours; Time to close: 348 Days and 1 hours | Not-applicable |
| Medium | Paragonie Airship Admin CSRF on Extensions Pages | Cross-Site Request Forgery (CSRF) | 4cad | Issue was not triaged; Time to close: 101 Days and 18 hours | Resolved |
| No rating | Invited user to a Author profile can remove the owner of that Author | Violation of Secure Design Principles | ranjit_p | Issue was not triaged; Time to close: 10 Days and 20 hours | Resolved |
| Medium | Improper access control lead To delete anyone comment | Improper Access Control - Generic | ranjit_p | Time to triage: 0 Days and 1 hours; Time to close: 0 Days and 3 hours | Resolved |
| No rating | CSRF token does not valided during blog comment | Cross-Site Request Forgery (CSRF) | ranjit_p | Issue was not triaged; Time to close: 0 Days and 8 hours | Resolved |
| Low | Non-secure requests are not automatically upgraded to HTTPS | Violation of Secure Design Principles | amalunni75310 | Issue was not triaged; Time to close: 9 Days and 8 hours | Informative |
| No rating | Full Path Disclosure in airship.paragonie.com '/cabins/' | None supplied | eidelweiss | Issue was not triaged; Time to close: 0 Days and 5 hours | Informative |
| No rating | SMTP server allows anonymous relay from internal addresses to internal addresses | Improper Authentication - Generic | phenix | Issue was not triaged; Time to close: 0 Days and 0 hours | Duplicate |
| No rating | Full Path Disclosure in password lock | Information Disclosure | supernatural | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative |
| No rating | Your Application Have Cacheable SSL Pages | Violation of Secure Design Principles | kiraak-boy | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative |
| No rating | Full Path Disclosure In EasyDB | Information Disclosure | supernatural | Issue was not triaged; Time to close: 15 Days and 0 hours | Informative |
| Critical | [Critical] billion dollars issue | Man-in-the-Middle | abdel-fattah-elsisi | Issue was not triaged; Time to close: 503 Days and 1 hours | Spam |
| No rating | Directory Disclose,Email Disclose Zendmail vulnerability | Information Exposure Through Directory Listing | pahan1234 | Issue was not triaged; Time to close: 0 Days and 6 hours | Resolved |
| No rating | Full directory path listing | Information Exposure Through Directory Listing | pahan1234 | Issue was not triaged; Time to close: 544 Days and 12 hours | Spam |
| No rating | Improper validation of Email | None supplied | pahan1234 | Issue was not triaged; Time to close: 0 Days and 7 hours | Informative |
| Critical | Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change | Improper Authentication - Generic | k_jagdish | Issue was not triaged; Time to close: 0 Days and 4 hours | Not-applicable |
| No rating | Missing rel=noopener noreferrer in target=_blank links (Phishing attack) | None supplied | e3amn2l | Issue was not triaged; Time to close: 2 Days and 22 hours | Resolved |
| No rating | Incorrect detection of onion URLs | None supplied | e3amn2l | Time to triage: 0 Days and 0 hours; Time to close: 3 Days and 0 hours | Resolved |
| No rating | directory information disclose | Information Disclosure | pahan1234 | Issue was not triaged; Time to close: 0 Days and 7 hours | Informative |
| Critical | Subdomain Takeover | Information Disclosure | kholy | Issue was not triaged; Time to close: 2 Days and 3 hours | Not-applicable |
| Critical | I am because bug | None supplied | b69b1b97b19c1c71b0eed85 | Issue was not triaged; Time to close: 560 Days and 7 hours | Spam |