WakaTime: Unauthorized Disclosure of Private Emails via WakaTime Private Leaderboards

The vulnerability allowed unauthorized disclosure of private email addresses of WakaTime users through the private leaderboards feature. The email addresses were exposed to leaderboard creators and members, even when the users had not chosen to make their emails public...

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side when he is working late. Origin of his Hacker name:...

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name...

WakaTime: Private leaderboard owner email disclosure when sending invites

Hi , the unVerify email disclosure when invite to any one on Leaderboards . Step .. 1- create account [email protected] . 2- not verify email . 3- go to Leaderboards . 4- check invite any email [email protected] . your friends. 5- your friends look inbox the waketime invite it say [email protected]...

WakaTime: No rate limit on creating private leaderboards.

Hey Alan Similar to report 244813 , there is no rate limit in creating private leaderboards , I was able to create more than 300 private leaderboards on my test id. Kindly look into it. Ping me back if i am unable to demonstrate the issue. Regards Ahmad...