
Authentication Bypass on Uber’s Single Sign-On via Subdomain Takeover - Artemis2
https://www.arneswinnen.net/2017/06/authentication-bypass-on-ubers-sso-via-subdomain-takeover/
======
eterm
I find it concerning that the original report apparently "fell through the
cracks" and had to be chased up with Uber.

~~~
breakingcups
And somehow they did reward it with a $500 bounty before it fell through the
cracks, and a $4500 bounty after it was rediscovered.

