Summary: Recently you allowed us to give testimonials for sandbox reports, which is vulnerable and allows all researchers to control their testimonials for their own benefit.
Description:
When a report is closed as resolved, we are given the option “This hacker is eligible for a testimonial” in the sandbox report. If we fill out this form and submit it for our own profile, then go to our profile settings at “https://hackerone.com/settings/feedback” and turn on “Show this blurb on my profile”, the testimonial will be shown on our public HackerOne profile.
With a single sandbox program I can create more than 50 testimonials for myself saying that I have hacked and that I am a good hacker.
Here the credibility of the HackerOne testimonial system will fail completely, as other users can only see that a private program gave a review and cannot tell which program it was or that it was a sandbox program.
Now visit the public profile of the active ID: the testimonials will be live and visible to all.
████
Here the credibility of the HackerOne testimonial system will fail.
It can be used to uplift public reputation: a researcher might add this profile to their job resume, and as everyone believes in HackerOne, they will believe this as well. This will surely affect the reputation of HackerOne.