Hacker News
SponsorBlock Critical Security Vulnerabilities
2 points by IDIRIS 2 hours ago | 1 comment
SponsorBlock had 7 critical vulnerabilities. Private data of 82k users was accessible.

Full details: https://paste.rs/jVLQb.txt

Data not leaked. Waiting for developer response.




Booo for not waiting for the developer's response. It hasn't even been 24 hours. It's not even July/4th in Europe yet.

> We have no malicious intentions. Our only goal was to identify these security issues and inform the developer so they can be fixed.

> conducted this research in good faith.

Posting it online the same day, then posting on HN to promote it isn't good faith.

   - Any user’s private profile could be retrieved, including:
     • Chosen Username
     • Total Segment Count
     • Minutes Saved for the community
     • View Count (how many times their segments helped others)
     • Reputation Score
     • VIP Status
     • Privacy Preferences
Anonymous user names and some counts.


