Pornhub: Unsecured Grafana instance

ID H1:167585
Type hackerone
Reporter cyber-guard
Modified 2016-09-20T16:39:52


The researcher found a Grafana instance accessible to the public. User sign-up had been left open, which allowed him to create an account and view charts of resource usage across various servers.

This report is considered out of scope, but Pornhub chose to reward the researcher due to the severity of the issue he found and the quality of the report. A publicly accessible Grafana instance was identified. Due to the default behaviour of the application, it was possible to register a new account and view internal information about PH servers and resources.
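The following `grafana.ini` fragment closes the exposure the report describes (self-service registration on an Internet-reachable instance). It is an added illustration, not part of the report or of Pornhub's configuration; the section and key names are Grafana's own, and the weak values noted in the comments are the ones the report's description implies.

```ini
; grafana.ini - hardened settings (added example, not from the report)

[users]
; allow_sign_up = true   <- the behaviour the report describes: anyone who can
;                          reach the login page may register and read dashboards
allow_sign_up = false
; stop self-registered or low-privilege users from creating their own orgs
allow_org_create = false
; accounts an admin does provision start with read-only rights
auto_assign_org_role = Viewer

[auth.anonymous]
; unauthenticated dashboard viewing must stay off on an exposed instance
enabled = false

[security]
; Grafana ships with admin/admin; set a deploy-time secret here or via
; GF_SECURITY_ADMIN_PASSWORD (placeholder value, not a real credential)
admin_password = <set-at-deploy-time>

[server]
; if a reverse proxy or VPN fronts the UI, bind only to the internal address
; (placeholder; omit this line if Grafana must listen on all interfaces)
http_addr = 127.0.0.1
```

After changing these values, restart Grafana and confirm that the `/signup` link no longer appears on the login page and that dashboards are unreachable without a session.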

This vulnerability was discovered using the infrastructure monitoring platform -