hackerone / Alp / H1:1418419
Dec 07, 2021 - 7:48 a.m.

Krisp: [api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit

A security researcher has found a race condition on one of our endpoints which was effectively bypassing the maximum seats limit.
We would like to thank @alp for reporting it responsibly to our bug bounty program!

I found a race condition issue at the /v2/seats endpoint. It allowed bypassing the maximum seat limit. This issue was fixed by the Krisp team ASAP. Thanks to @noisekiller and the Krisp team for the good work here.

If you want to follow me on Twitter: https://twitter.com/alp0x01