Cryptography Vulnerabilities on HackerOne

Mohammadreza Hazhirpasand and Mohammad Ghafari. Cryptography Vulnerabilities on HackerOne. In 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS), p. 18-27, December 2021. Details.


Previous studies have shown that cryptography is hard for developers to use and misusing cryptography leads to severe security vulnerabilities. We studied relevant vulnerability reports on the HackerOne bug bounty platform to understand what types of cryptography vulnerabilities exist in the wild. We extracted eight themes of vulnerabilities from the vulnerability reports and discussed their real-world implications and mitigation strategies. We hope that our findings alert developers, familiarize them with the dire consequences of cryptography misuses, and support them in avoiding such mistakes.

Posted by scg at 25 April 2022, 9:15 am link
Last changed by admin on 21 April 2009