Comment by CaptainOfCoit
1 year ago
> Today I’m publicizing a Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization. The vulnerability is easy for a non-technical audience to understand and exploit.
> October 5th - Google paid $1337 for the issue
Is that a joke? Does Google really value security so low?
If I read the post right, the behaviour in question was already mentioned in the docs before they reported this. I'm more surprised they got any money instead of an "it's a feature, not a bug" response.
Exactly. They paid for a detailed example they can point to of why one should follow the docs. Lot cheaper than a tech writer.