Video wird geladen...
Video konnte nicht geladen werden
Integrity flow vulnerability in "microsoft teams" poll 3000$ bounty Sometimes, overlooked isuue can create significant vulnerability. In the "displayname" field, we send the name of the person we want the message to be send. #bugbounty
11,998 Aufrufe • vor 3 Jahren •via X (Twitter)
10 Kommentare

#AmaN 🔥vor 3 Jahren
Have you created poll with another user id ?

Moslem Haghighianvor 3 Jahren
Yes that's right

#AmaN 🔥vor 3 Jahren
Because I didn’t understand properly

Damanpreet Singh🇮🇳🐐vor 3 Jahren
@v3d_bug 66897 🌜, congratulations 🎉

🦇 ©vor 3 Jahren
So you created a poll on behalf of user

Verneetvor 3 Jahren
is it fixed?

Moslem Haghighianvor 3 Jahren
Yes, according to the rules, you have to wait until the bug is fixed, that's why I published this vulnerability after a few months of delay.

CoinbaseProvor 3 Jahren
impact?

CoinbaseProvor 3 Jahren
bro you just intersept and change the name so where is impact...?

Moslem Haghighianvor 3 Jahren
In this vulnerability, it was possible to change the name to your ID and send messages or polls in the group instead of you. So identity spoofing happens because I poll with another person's ID.


