Skip to main content  >
Hackerone logo
Learn more about HackerOne
Log in
48
#2082680
Register & create a ticket as somebody else on HackerOne Support
Summary by HackerOne
The Hacker was able to submit tickets on HackerOne Support (https://support.hackerone.com) under the identity of different people. We've resolved the issue by changing a setting in the Freshdesk Software.
Something that's different from usual reports we get is that this was an asset not considered in scope, so we didn't have a concrete bounty table and it brought our team to the drawing board on how we want to handle such reports. Whilst we want to encourage hackers to hack on non-listed assets belonging to us, and also out-of-scope assets (i.e. for managed services) that are on us, such as misconfigurations or information disclosure.
Currently, it's not something we have clear guidelines for. We opted to give a bonus without bounty instead to speed the process along.
Regarding limited disclosure: Many comments in this thread are not directly in scope of the report and would lead to broken conversation cycles if we made them internal.
Timeline
735t
submitted a report to HackerOne.
July 24, 2023(2 months ago)
HackerOne triage
 closed the report and changed the status to Informative
Updated Jul 25th (2 months ago)
 posted a comment
Updated Jul 25th (2 months ago)
 posted a comment
Jul 25th (2 months ago)
 posted a comment
Updated Jul 25th (2 months ago)
 posted a comment
Jul 25th (2 months ago)
 posted a comment
Jul 26th (2 months ago)
HackerOne staff
 posted a comment
Jul 27th (2 months ago)
HackerOne staff
 posted a comment
Jul 27th (2 months ago)
HackerOne staff
 changed the report title
Jul 27th (2 months ago)
 posted a comment
Jul 27th (2 months ago)
HackerOne staff
 posted a comment
Jul 27th (2 months ago)
HackerOne staff
 reopened this report
Jul 27th (2 months ago)
HackerOne staff
 changed the status to Retesting
Updated Jul 27th (2 months ago)
Baraka
 completed a retest
Jul 27th (2 months ago)
HackerOne
 accepted completed retest from the retester
Jul 27th (2 months ago)
HackerOne staff
 closed the report and changed the status to Resolved
Jul 27th (2 months ago)
 posted a comment
Jul 27th (2 months ago)
HackerOne staff
 changed the scope
Jul 27th (2 months ago)
HackerOne staff
 changed the weakness
Jul 27th (2 months ago)
HackerOne staff
 updated the severity to none
Jul 27th (2 months ago)
HackerOne staff
 posted a comment
Jul 27th (2 months ago)
HackerOne staff
 posted a comment
Jul 27th (2 months ago)
 posted a comment
Jul 27th (2 months ago)
HackerOne staff
 reopened this report
Jul 27th (2 months ago)
HackerOne staff
 closed the report and changed the status to Duplicate (#2001913)
Jul 27th (2 months ago)
HackerOne staff
 posted a comment
Jul 27th (2 months ago)
HackerOne staff
 reopened this report
Jul 27th (2 months ago)
HackerOne staff
 closed the report and changed the status to Resolved
Jul 27th (2 months ago)
 posted a comment
Jul 28th (2 months ago)
HackerOne
 rewarded someone with a bounty
Jul 31st (2 months ago)
HackerOne staff
 posted a comment
Jul 31st (2 months ago)
HackerOne staff
 requested to disclose this report
Jul 31st (2 months ago)
 posted a comment
Jul 31st (2 months ago)
 posted a comment
Jul 31st (2 months ago)
HackerOne staff
 posted a comment
Jul 31st (2 months ago)
 posted a comment
Jul 31st (2 months ago)
 agreed to disclose this report
Jul 31st (2 months ago)
 This report has been disclosed
Jul 31st (2 months ago)
Reported July 24, 2023, 7:31pm UTC
Participants
Report Id
#2082680
Resolved ()
Reported to
HackerOne
Managed
Disclosed
July 31, 2023, 9:35am UTC
Severity
None (0.0)
Weakness
Misconfiguration
Time spent
None
CVE ID
None