HackerOne: h1-202 leaderboard photo discloses local wifi password

2018-03-25T20:30:00
ID H1:329798
Type hackerone
Reporter 0x0g
Modified 2018-03-25T21:33:50

Description

Summary:

the h1-202 event took several photos for the event that rotate on the public leaderboard. One of these photos disclosed the local wifi SSID and Password.

Description: SSID: HackerOne Password: █████████

Steps To Reproduce

  1. Look at the photo attached

Remediation

Have your staff photographer revie the background for photos to not disclose passwords.

Impact

Local attackers could connect to the wifi and sniff any unencypted traffic, as well as DoS the network (potentially).