Uber: SAML Authentication Bypass on uchat.uberinternal.com

2017-04-22T09:13:43
ID H1:223014
Type hackerone
Reporter mishre
Modified 2017-09-05T18:05:56

Description

Due to improper SAML verification, it was possible to bypass the OneLogin authentication on https://uchat.uberinternal.com and gain unauthorized access to internal chats.

We enjoyed working with @mishre on this report and look forward to receiving more submissions from them in the future! http://blog.mish.re/index.php/2017/09/06/uber-bug-bounty-gaining-access-to-an-internal-chat-system/