hackerone | Abc12345 | H1:161932
History: Aug 21, 2016 - 1:59 p.m.

Certly: Non secure requests at guard.certly.io not upgrading to https

2016-08-21 13:59:29
abc12345
hackerone.com

The issue is that HTTP requests are not upgraded to HTTPS at the aforementioned domain.
This can allow an attacker to steal important info like credentials and all other types of info.

Your domain is HSTS preloaded, so it is automatically upgraded to HTTPS, but browsers that don't have this support, like Safari, can allow the attack.
Steps:

  1. Go to http://guard.certly.io (in Safari, or in Firefox with HSTS turned off manually).
  2. Go to the sign-in page.
  3. No HTTPS is enforced.

The attack is very similar to https://hackerone.com/reports/158186, so you can follow that for further impact.
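
A check a site owner could run for the condition this report describes, as an added example that is not part of the original report: it audits one plain-HTTP response and one HTTPS response for a redirect to HTTPS and an effective Strict-Transport-Security policy. The function names and the response tuples are hypothetical and constructed for illustration, not captured from guard.certly.io.

```python
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in (value or "").split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            policy["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def audit(http_resp, https_resp):
    """Each response is (status, headers) with lower-case header names.
    Returns a list of findings; an empty list means both checks passed."""
    findings = []
    status, headers = http_resp
    target = urlsplit(headers.get("location", ""))
    if status not in REDIRECTS:
        findings.append("http: served without redirect (status %d)" % status)
    elif target.scheme != "https":
        # Covers relative Location values and redirects that stay on http://
        findings.append("http: redirect does not point to https")
    policy = parse_hsts(https_resp[1].get("strict-transport-security"))
    if not policy["max_age"]:
        # A missing header and max-age=0 both leave the browser without a policy
        findings.append("https: no effective Strict-Transport-Security policy")
    return findings

# Constructed sample responses (not real captures).
HSTS = {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"}
# Mirrors the report: HSTS is present, but plain HTTP is answered directly.
REPORTED = ((200, {"content-type": "text/html"}), (200, HSTS))
# Hardened form: plain HTTP answers only with a permanent redirect to HTTPS.
FIXED = ((301, {"location": "https://guard.certly.io/"}), (200, HSTS))

if __name__ == "__main__":
    for label, pair in (("reported", REPORTED), ("fixed", FIXED)):
        print(label, audit(*pair) or "ok")
```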