Ping Identity


7 total issues disclosed

$900 total paid publicly


Most disclosed (2 disclosures) — Violation of Secure Design Principles

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone Violation of Secure Design Principles awararesearcher Low 2021-06-16
Stored XSS in Application menu via Home Page Url Cross-site Scripting (XSS) - Stored renniepak Medium 2020-11-16
Session misconfiguration on change password feature at https://apps-staging.pingone.com/myaccount/?environmentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx# Violation of Secure Design Principles gujjuboy10x00 Low 2020-11-16
Forbidden access to https://apps-staging.pingone.com but "/packages.json" visible and full path disclosure Improper Access Control - Generic mjigar821 Low 2020-11-16
Session misconfiguration on forget password feature at https://ort-admin.pingone.com Insufficient Session Expiration gujjuboy10x00 Low 2020-11-16
Google Maps API key leaked during device pairing Information Exposure Through Sent Data bug_digger21 Medium 2020-04-29
Internal Hostname disclosure from multiple Apache servers via blank host header method Information Disclosure jackb898 Low 2020-03-12