Pornhub: Unsecured Grafana instance

2016-09-11T15:40:55
ID H1:167585
Type hackerone
Reporter cyber-guard
Modified 2016-09-20T16:39:52

Description

The researcher found a Grafana instance accessible to the public. User sign-up had been left open, which allowed him to create an account and view charts of resource usage on various servers.

This report is considered out of scope, but Pornhub chose to reward the researcher due to the severity of the issue he found and the quality of the report. A publicly accessible Grafana instance was identified. Due to the default behaviour of the application, it was possible to register a new account and view internal information about PH servers and resources.

This vulnerability was discovered using the infrastructure monitoring platform BugLabs.me - http://buglabs.me
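The misconfiguration described above, as an added example that is not part of the original report: a small Python audit of a grafana.ini that flags self-service sign-up and anonymous access when they are enabled or left to the build default. The `[users] allow_sign_up` and `[auth.anonymous] enabled` keys are real Grafana settings (their shipped defaults differ between versions); the two config samples and the expected-value policy are constructed for this example.

```python
import configparser

# Settings that should be pinned explicitly on an internet-facing Grafana.
# Keys are real grafana.ini options; the expected values are this example's policy.
REQUIRED = {
    ("users", "allow_sign_up"): "false",      # self-service account creation
    ("auth.anonymous", "enabled"): "false",   # unauthenticated viewer access
}


def audit_grafana_ini(text):
    """Return a list of findings for a grafana.ini given as a string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini places app_mode/instance_name before the first [section],
    # which configparser rejects, so give those keys a throwaway section.
    cp.read_string("[_top]\n" + text)
    findings = []
    for (section, key), expected in REQUIRED.items():
        value = cp.get(section, key, fallback=None)
        if value is None:
            findings.append(f"{section}.{key} is not set; the build default decides")
        elif value.strip().lower() != expected:
            findings.append(f"{section}.{key} = {value.strip()}; expected {expected}")
    return findings


# Constructed sample: sign-up left open (the condition in the report) and
# anonymous access not set, i.e. whatever the shipped default happens to be.
WEAK_INI = """app_mode = production

[server]
http_port = 3000

[users]
allow_sign_up = true
"""

# Constructed sample: both settings pinned explicitly.
HARDENED_INI = """app_mode = production

[users]
allow_sign_up = false

[auth.anonymous]
enabled = false
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_grafana_ini(ini) or ["ok"])
```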