Oath: Insufficient validation of redirect URL on login page allows hijacking user name and password

ID H1:2126
Type hackerone
Reporter janmoesen
Modified 2015-08-14T20:21:15


Thank you for your submission to Yahoo’s Bug Bounty program. While we recognize the effort that you put into the research and writing of a report for us to evaluate, but unfortunately this bug has already been reported to us. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program.