$100 Bounty: How a Spoofed Email Could Change Any Username on HackerOne
1 min read
Summary
Security researcher abuseing identified that a simple email spoofing trick could be used to highjack a user’s HackerOne username, as it would be possible to respond to a username change request without actually having access to the account.
This vulnerability centred around the responsible disclosure bug platform’s support process for managing username changes.
When a user requests a username change, the usual course of action involves support staff confirming the request via the email linked to the account.
abuseing found that a spoofed email could be used to respond to the request, allowing for the taking over of usernames and profile links, without account access.
The discovery earned a $100 bounty, with the vulnerability being fixed through additional checks and verification processes.