Reports in the Legal Robot program (disclosed HackerOne reports; every listed report carries a $0.0 bounty, consistent with a vulnerability disclosure program that pays no cash rewards):

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Amazon Bucket Accessible (http://legalrobot.s3.amazonaws.com/) | $0.0 |
| 2 | Information Disclosure in AWS S3 Bucket | $0.0 |
| 3 | Remote Code Execution (upload) | $0.0 |
| 4 | Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io. | $0.0 |
| 5 | 2 vulns | $0.0 |
| 6 | Email spoofing-fake mail from your mail domain server | $0.0 |
| 7 | Clickjacking: X-Frame-Options header missing | $0.0 |
| 8 | UI Redressing ( ClickJacking ) Issue on Information submit form | $0.0 |
| 9 | Click Jacking | $0.0 |
| 10 | Legal \| Application is Missing CSP(Content Security Policy) Header | $0.0 |
| 11 | Possible content spoofing due to missing error page | $0.0 |
| 12 | Registration bypass using OAuth logical bug | $0.0 |
| 13 | Missing security headers, possible clickjacking | $0.0 |
| 14 | CSRF | $0.0 |
| 15 | User Information leak allows user to bypass email verification. | $0.0 |
| 16 | User Information sent to client through websockets | $0.0 |
| 17 | Rate limiting on password reset links | $0.0 |
| 18 | - Guessing registered users in legalrobot.com | $0.0 |
| 19 | Rate limiting on Email confirmation link | $0.0 |
| 20 | No valid SPF record | $0.0 |
| 21 | SSL Issue on legalrobot.com | $0.0 |
| 22 | SPF Issue | $0.0 |
| 23 | missing SPF for legalrobot.com | $0.0 |
| 24 | AWS S3 website can't serve security headers, may allow clickjacking | $0.0 |
| 25 | CORS (Cross-Origin Resource Sharing) | $0.0 |
| 26 | unsecured legalrobot.co.uk assets | $0.0 |
| 27 | Information Disclosure on rate limit defense mechanism | $0.0 |
| 28 | Bypass 8 chars password complexity with 6 chars only due to insecure password reset functionality | $0.0 |
| 29 | No DMARC Record in legalrobot-uat.com | $0.0 |
| 30 | Server version disclosure | $0.0 |
| 31 | Near-duplicate accounts allowed with ignored email mutations | $0.0 |
| 32 | Missing restriction on string size in profile fields | $0.0 |
| 33 | Validation bypass on user profile | $0.0 |
| 34 | Email spoofing possible via Legal Robot domain | $0.0 |
| 35 | SWEET32 TLS attack | $0.0 |
| 36 | Password complexity requirements not enforced | $0.0 |
| 37 | content spoofing | $0.0 |
| 38 | Missing link to 2FA recovery code | $0.0 |
| 39 | Domain takeover (legalrobot.co.za) | $0.0 |
| 40 | User enumeration | $0.0 |
| 41 | Intercom chat session information persists after logout | $0.0 |
| 42 | Users with 2FA can have multiple sessions | $0.0 |
| 43 | Non-functional 2FA recovery codes | $0.0 |
| 44 | Token leakage by referrer | $0.0 |
| 45 | Account profile shows encryption recovery box for all users | $0.0 |
| 46 | [New Feature] Password history check | $0.0 |
| 47 | Token leakage by referrer header & analytics | $0.0 |
| 48 | Pages don't render in old browsers like IE11 | $0.0 |
| 49 | Meta characters are not filtered into full name on profile page | $0.0 |
| 50 | [Cross-domain Referer leakage] Password reset token leakage via referer | $0.0 |
| 51 | No notification on change password feature | $0.0 |
| 52 | SSL BREACH attack (CVE-2013-3587) | $0.0 |
| 53 | LUCKY13 (CVE-2013-0169) affects legalrobot.com | $0.0 |
| 54 | Big XSS vulnerability! | $0.0 |
| 55 | Subdomain misconfiguration [mail.legalrobot.com] | $0.0 |
| 56 | Lack of input validation in e-mail & user name, job title, company name field | $0.0 |
| 57 | 2FA Error Handling on Google Authenticator | $0.0 |
| 58 | Profile shows incorrect account creation date | $0.0 |
| 59 | Enhancement: email confirmation for 2FA recovery | $0.0 |
| 60 | Missing link to TOTP manual enroll option | $0.0 |
| 61 | 2FA user enumeration via login | $0.0 |
| 62 | Code injection | $0.0 |
| 63 | 2FA user enumeration via password reset | $0.0 |
| 64 | Incorrect email content when disabling 2FA | $0.0 |
| 65 | Lengthy manual entry of 2FA secret | $0.0 |
| 66 | Mixed Content over HTTPS | $0.0 |
| 67 | Incorrect error message | $0.0 |
| 68 | Update any profile | $0.0 |
| 69 | TabNabbing issue (due to target=_blank) | $0.0 |
| 70 | Password Reset page Session Fixation | $0.0 |
| 71 | Improper validation of parameters while creating issues | $0.0 |
| 72 | Tampering the mail id on chatbox | $0.0 |
| 73 | Password reset access control | $0.0 |
| 74 | Password reset form ignores email field | $0.0 |
| 75 | Change password logic inversion | $0.0 |
| 76 | Missing Issuer parameter on TOTP 2FA | $0.0 |
| 77 | Weak Cryptography for Passwords | $0.0 |
| 78 | Change password session fixed | $0.0 |
| 79 | Name can't be numbers or email | $0.0 |
| 80 | Password Restriction On Change | $0.0 |
| 81 | UX: JS error on Password Safety link | $0.0 |
| 82 | Password complexity not evenly enforced | $0.0 |
| 83 | Email Length Verification | $0.0 |
| 84 | Create Api Key is not working | $0.0 |
| 85 | Special characters are not filtered out on profile fields | $0.0 |
| 86 | Password complexity ignores empty spaces | $0.0 |
| 87 | Information disclosure | $0.0 |
| 88 | The websocket traffic is not secure enough | $0.0 |
| 89 | CSRF Issue | $0.0 |
| 90 | News Feed Detected | $0.0 |
| 91 | Registration Allows Disposable Email Addresses | $0.0 |
| 92 | Password Policy Bypass | $0.0 |
| 93 | CSP script-src includes "unsafe-inline" | $0.0 |
| 94 | Coding error ! | $0.0 |
| 95 | I can't login to my account | $0.0 |
| 96 | design issue exists on login page | $0.0 |
| 97 | Invalid Email Verification | $0.0 |
| 98 | S3 ACL misconfiguration | $0.0 |
| 99 | No length limit in invite_code can cause server degradation | $0.0 |
| 100 | clickjacking at http://mailboxes.legalrobot-uat.com/ | $0.0 |
| 101 | Profile fields validation bypass | $0.0 |
| 102 | Improper error message | $0.0 |
| 103 | No alert in verify email address with wrong input | $0.0 |
| 104 | Error the message with already e-mail | $0.0 |
| 105 | Bypass email verification when register new account | $0.0 |
| 106 | Password reset token issue | $0.0 |
| 107 | first name and last name restrictions bypass | $0.0 |
| 108 | User enumeration from failed login error message | $0.0 |
| 109 | Logic issue in email change process | $0.0 |
| 110 | Missing access control at password change | $0.0 |
| 111 | Autocomplete feature | $0.0 |
| 112 | observer.com URL should be HTTPS | $0.0 |
| 113 | 2FA manual entry uses wrong encoding | $0.0 |
| 114 | Futureoflife organization URL should be HTTPS | $0.0 |
| 115 | Profile fields validation mismatch | $0.0 |
| 116 | Homograph IDNs displayed in Description | $0.0 |
| 117 | UX: JS error on Password Safety link | $0.0 |
| 118 | Failed OutLink on Terms of Service | $0.0 |
| 119 | External links to be in HTTP | $0.0 |
| 120 | Password Complexity | $0.0 |
| 121 | Missing homograph filter character | $0.0 |
| 122 | 2FA manual entry uses wrong encoding | $0.0 |
| 123 | app.legalrobot.com opens FireFox but not in FireFox ESR | $0.0 |
| 124 | No error or notification on Reset password page | $0.0 |
| 125 | Issues with Forgot password Error Handling | $0.0 |
| 126 | Privilege Escalation to Admin-level Account | $0.0 |
| 127 | Allowance of Meta/Null characters | $0.0 |
| 128 | Wrong password validation message | $0.0 |
| 129 | [UX] Notify user on likely email address typo | $0.0 |
| 130 | Unable to change profile picture | $0.0 |
| 131 | Information Disclosure | $0.0 |
| 132 | cross site web socket hijacking | $0.0 |
| 133 | Legal Robot AWS S3 Bucket Directory Listing | $0.0 |
| 134 | sql injection vulnerability found | $0.0 |
| 135 | XSS on app.legalrobot.com | $0.0 |
| 136 | Cross Site WebSocket Hijacking | $0.0 |
| 137 | External links should be served in HTTPS. | $0.0 |
| 138 | Chat exposed using cookie | $0.0 |
| 139 | Venturebeat.com URL should be HTTPS | $0.0 |
| 140 | Two accounts can be made with same password | $0.0 |
| 141 | Non-HTTPS link on blog | $0.0 |
| 142 | Legal Robot | $0.0 |
| 143 | Improper Implementation of Password strength checker | $0.0 |
| 144 | Broken links for stale domains may be leveraged for Phishing, Misinformation, Defaming | $0.0 |
| 145 | Clickjacking in Legalrobot app | $0.0 |
| 146 | Exposes a series of other private credentials | $0.0 |
| 147 | Logic issue in email change process | $0.0 |
| 148 | No notification of change email feature | $0.0 |
| 149 | Non-secure requests are not automatically upgraded to HTTPS | $0.0 |
| 150 | Add arbitrary value in reset password cookie | $0.0 |
| 151 | Header Injection In app.legalrobot.com | $0.0 |
| 152 | Null Byte Injection in all fields of Profile | $0.0 |
| 153 | https://www.legalrobot.com/ | $0.0 |
| 154 | Cloudflare issue: Error 521 Ray ID: 2e7ea7f706ea4056 • 2016-09-25 12:59:55 UTC Web server is down | $0.0 |
| 155 | AWS hosting bucket for Legal Robots set as public browse and list contents: s3://legalrobot | $0.0 |