Passit


reports in last 90 days

15

disclosed resolved issues

0

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Low | URL is vulnerable to clickjacking https://app.passit.io/ | UI Redressing (Clickjacking) | whitehacker18 | Time to triage: 2 Days and 2 hours; Time to close: 1 Days and 12 hours | Resolved |
| Low | password reset link not expired after change the password | None supplied | ni4had | Issue was not triaged; Time to close: 1 Days and 1 hours | Resolved |
| None | app.passit.io is vulnerable against username enumeration | Information Exposure Through Debug Information | 13ern | Time to triage: 0 Days and 7 hours; Time to close: 97 Days and 23 hours | Resolved |
| Medium | CSV-injection in export functionality | Command Injection - Generic | muon4 | Time to triage: 1 Days and 8 hours; Time to close: 83 Days and 19 hours | Resolved |
| Medium | Insecure opening of external links in app.passit.io/list allows for reverse tabnabbing | Open Redirect | kevinhwang | Time to triage: 0 Days and 14 hours; Time to close: 0 Days and 0 hours | Resolved |
| Low | Missing HSTS (Strict Transport Security) | Violation of Secure Design Principles | ketankumar_godhani | Time to triage: 2 Days and 13 hours; Time to close: 0 Days and 13 hours | Resolved |
| Low | `X-XSS-Protection` header has not been set at app.passit.io | None supplied | exception | Time to triage: 0 Days and 11 hours; Time to close: 2 Days and 23 hours | Resolved |
| Low | Weak Password Policy on Signup | None supplied | alpha66 | Time to triage: 0 Days and 14 hours; Time to close: 2 Days and 15 hours | Resolved |
| Low | Insecure Account Removal | Violation of Secure Design Principles | alpha66 | Time to triage: 0 Days and 5 hours; Time to close: 5 Days and 21 hours | Resolved |
| No rating | app.passit.io is vulnerable against Brute Force password guessing attack | Brute Force | muon4 | Time to triage: 0 Days and 5 hours; Time to close: 2 Days and 3 hours | Resolved |
| Medium | Authentication Required When password change | Improper Authentication - Generic | paramdham | Time to triage: 0 Days and 14 hours; Time to close: 3 Days and 21 hours | Resolved |
| Medium | Authorization Token is Not expiring After Logout | Improper Authentication - Generic | saneh | Time to triage: 0 Days and 17 hours; Time to close: 1 Days and 4 hours | Resolved |
| No rating | Session not changed after password reset | None supplied | alpha66 | Time to triage: 0 Days and 6 hours; Time to close: 0 Days and 1 hours | Resolved |
| Low | X-Content-Type-Options has not been set at app.passit.io | None supplied | exception | Time to triage: 55 Days and 20 hours; Time to close: 1 Days and 0 hours | Resolved |
| Medium | Old sessions does not expire On changing password via https://app.passit.io/account/change-password | Insufficient Session Expiration | muski | Time to triage: 0 Days and 16 hours; Time to close: 0 Days and 0 hours | Resolved |