0

I found a vulnerability in WhatsApp which allows the attacker to temporarily lock you out of your account (which results among other things in a loss of productivity e.g. stemming from a loss of the chat history).

I've reported it via Facebook's bug bounty program, but it was rejected and the provided argument was wrong/incorrect/false. What's worse, they closed the "ticket" without allowing me to refute their argument.

What should I do about that? I'm thinking of resubmitting it again.

Artem S. Tashkinov

1 Answer

2

It seems DoS attacks are Out of Scope for a Facebook Bug Bounty program (https://www.facebook.com/whitehat). I'd wager your report was immediately rejected on that premise. If I were you, I wouldn't resubmit again.

Rohilla
  • I still did. Not because I'm stupid or persistent in my stupidity but because this attack can be carried out by a 3rd grader against tons of people. In fact this is how I lost access to my own account for a few days. – Artem S. Tashkinov Mar 15 '23 at 15:59
  • 1
    DoS is still out of scope, even if it's a low-skill attack. – vidarlo Mar 15 '23 at 22:04