I recently received 2 vulnerability reports, which are correctly associated to the OBB program I set up for my domains. However, even when logged in, I cannot see any of the details the researcher entered.
Kind of hard to fix things without any information of what's broken.
In the past I have not had any trouble like this. Does anyone know of any issues causing this, or what I could do to figure out why it is happening?
Related OBB reports:
https://www.openbugbounty.org/reports/707950
https://www.openbugbounty.org/reports/707951
Why can't I see the details?
-
- Posts:56
- Joined:Sat Apr 30, 2016 5:58 pm
Re: Why can't I see the details?
Details of the reports are hidden by the researcher; please contact the researcher by email.
-
- Posts:9
- Joined:Wed Jul 18, 2018 11:14 pm
Re: Why can't I see the details?
They can do that? Why would someone intentionally hide the details from whom they are reporting to? That completely negates almost every benefit of what OBB provides.
Will work directly with researcher to get the info, but this still seems like a system issue to me though.
- GordSchramm
- Posts:164
- Joined:Thu Apr 28, 2016 11:26 pm
Re: Why can't I see the details?
OBB74286025 wrote: ↑Mon Dec 10, 2018 6:00 pm
> They can do that? Why would someone intentionally hide the details from whom they are reporting to? That completely negates almost every benefit of what OBB provides.
> Will work directly with researcher to get the info, but this still seems like a system issue to me though.
Ok. Do not take me wrong with this. There could be various reasons. 1) divulging the vuln might accidentally be revealed to someone else that has no business knowing what it is.....2) a lot of times researchers want to be thanked for what they do....example...a researcher finds the vuln..............a website owner fixes the vuln when disclosed.....but the researcher gets no thanks for what they have done.......remember, do not take this the wrong way.....a great majority of us want to help....we just feel that sometimes a fix is not recognized...
Kind Regards,
-
- Posts:9
- Joined:Wed Jul 18, 2018 11:14 pm
Re: Why can't I see the details?
GordSchramm wrote: ↑Tue Dec 11, 2018 2:59 am
> OBB74286025 wrote: ↑Mon Dec 10, 2018 6:00 pm
> > They can do that? Why would someone intentionally hide the details from whom they are reporting to? That completely negates almost every benefit of what OBB provides.
> > Will work directly with researcher to get the info, but this still seems like a system issue to me though.
> Ok. Do not take me wrong with this. There could be various reasons. 1) divulging the vuln might accidentally be revealed to someone else that has no business knowing what it is.....2) a lot of times researchers want to be thanked for what they do....example...a researcher finds the vuln..............a website owner fixes the vuln when disclosed.....but the researcher gets no thanks for what they have done.......remember, do not take this the wrong way.....a great majority of us want to help....we just feel that sometimes a fix is not recognized...
> Kind Regards,
For #1, do you mean not having that detail shown to the world once the "Scheduled Public Disclosure" date is reached? I could understand that, to an extent. Although one of the reasons for public disclosure is to help motivate web site owners to act promptly. But sure, if the details contained some sort of trade-secret level of info, then yes that should probably be left out of the report and communicated privately.
For #2, I don't really see how withholding information is going to aid in recognition. The whole point of OBB is to foster the whole process and highly encourages said recognition. By avoiding the key ingredient in the mechanism of OBB, it would actually hinder resolution, and thus reduce recognition thereof. In my case, it just slowed things down, and had no bearing one way or the other on any recognition.
- GordSchramm
- Posts:164
- Joined:Thu Apr 28, 2016 11:26 pm
Re: Why can't I see the details?
I absolutely agree with you....since you are a part of the bug bounty program, I do believe that info on the vulnerability should be available to you. Best thing to do is to address this to the admin of OBB.
Kind Regards,
Gord
Re: Why can't I see the details?
OBB74286025 wrote: ↑Sat Dec 08, 2018 12:03 am
> I recently received 2 vulnerability reports, which are correctly associated to the OBB program I set up for my domains. However, even when logged in, I cannot see any of the details the researcher entered.
> Kind of hard to fix things without any information of what's broken
> In the past I have not had any trouble like this. Does anyone know of any issues causing this, or what I could do to figure out why it is happening?
> Related OBB reports:
> https://www.openbugbounty.org/reports/707950
> https://www.openbugbounty.org/reports/707951
By default, report details are auto-disclosed to bug bounty owners, but for the current reports the researcher disabled this option when creating the report. Please contact the researcher directly.