
HackerOne is a joke, anyway. Organizations will just respond with "it's a feature, not a bug" to get out of any bounty. I once reported that you could log on to certain PP accounts with just username and CC number, bypassing configured 2FA, and allowing you to wipe the 2FA. Guess the response. Lo and behold, it's fixed now.



HackerOne should be an escrow that can arbitrate and overrule insipid behavior like that.

But they won’t, will they?

Maybe someone else will fill that void.



