Navigation:   Dark C0d3rs Exploit Log Research Papers/Vulnerability reports HackerOne Disclosed Reports - 2025-08-23

HackerOne Disclosed Reports - 2025-08-23

0 Replies, 212 Views

 hashXploiter

   08-24-2025, 12:30 PM
Administrator
#1
Logo
Medium
resolved

PII Exposure via Email Confirmation Link – Email Embedded in Token & Leaked via Wayback Machine


Bug reported by Mantosh Sah was disclosed at August 23, 2025, 5:29 am   |   Information Disclosure

An email confirmation link used by Omise (dashboard.omise.co) included the user's email address directly embedded in a token that was visible in the URL. This token was archived publicly by the Wayback Machine (archive.org), resulting in public exposure of personally identifiable information (PII).


[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]

Messages In This Thread
HackerOne disclosed reports - 2025-08-23 - by hashXploiter - 08-24-2025, 12:30 PM



Users browsing this thread: