Breach, Data Security, Vulnerability Management

Uber forks over $10K bounty for login bypass flaw

Finnish researcher Jouko Pynnönen  recently snagged a $10,000 bounty from Uber for discovering a login bypass vulnerability.

In a post on, Pynnönen said the bug in OneLogin SAML-SSO let anyone “login without a password or other authentication.”

When an attacker supplies a username – along with an email address, name and a role – that isn't in the WordPress database, “the plugin will create a new user (if the provisioning setting is on),” the researched wrote. But “it looks like in order to gain administrator privileges the attacker has to guess some information - a role name such as "administrator", or the email address or username of an existing administrator,” Pynnönen said.

When he tried to guess the information on, the researcher said he couldn't uncover the necessary data to gain administrator privileges.

“Therefore [I] was able to create only a ‘subscriber' level account,” he said. “On the role name apparently was simply ‘administrator' so I got that privilege on the system. Some other plugin settings may affect this behavior too.”

Uber notified the researcher in May that it was awarding him its maximum bounty “due to the chain with the shared JavaScript with We recognized the chained JavaScript source elevates the impact in this case (and rewarded this bug accordingly).”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.