Comment by CaptainOfCoit

1 year ago

> Today I’m publicizing a Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization. The vulnerability is easy for a non-technical audience to understand and exploit.

> October 5th- Google paid $1337 for the issue

Is that a joke? Does Google really value security so low?

If I read the post right, the behaviour in question was already mentioned in the docs before they reported this. I'm more surprised they got any money instead of an "it's a feature, not a bug" response.

  • Exactly. They paid for a detailed example they can point to of why one should follow the docs. Lot cheaper than a tech writer.