The Story of the CoinBeyond Bug
Tuesday, April 26, 2016
By Jitendra
Hi there,
So this is the story about a bug on CoinBeyond.com.
CoinBeyond provides a future-ready payment platform for Point-of-Sale and eCommerce. They make cutting-edge payment technology adoption simple for busy merchants so they can accept more ways to pay and provide their customers a modern multi-channel checkout experience.
The Bug
So I was testing their Android app. First of all I tried to log in to my account. I was checking for any rate limiting on the user login panel in the Android app.
So basically their login panel looks like this, and I entered my email in it.
I entered a wrong password for the login and it took me to another page, which looks like this:
But there is something weird here.
I entered my email, which is jkspentester@**.in, but this page is only showing jkspentester.
Jkspentester was my username for that account, so basically it is leaking the username associated with the email address entered in the steps above.
Steps To Reproduce
- Open the CoinBeyond Android app and enter your email.
- Now enter any wrong password and click on sign in.
- On the next page, the username associated with the email ID will be revealed.
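The leak described above, modelled next to a failure path that discloses nothing, as an added example that is not CoinBeyond's code and not part of the original post. The account store, function names and response fields are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data (hypothetical account, not taken from the post).
_SALT = os.urandom(16)

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)

USERS = {
    "alice@example.test": {"username": "alice_w", "pw_hash": _hash("correct horse")},
}
# Dummy hash so an unknown email costs the same work as a known one.
_DUMMY_HASH = _hash("placeholder-not-a-real-password")

def login_leaky(email: str, password: str) -> dict:
    """Models the reported behaviour: a failed login echoes the stored username."""
    user = USERS.get(email)
    if user is None:
        # Assumption: the post does not say what unknown emails return.
        return {"ok": False, "error": "login failed"}
    if hmac.compare_digest(user["pw_hash"], _hash(password)):
        return {"ok": True, "username": user["username"]}
    # Leak: account data is returned before the caller has authenticated.
    return {"ok": False, "error": "login failed", "username": user["username"]}

def login_hardened(email: str, password: str) -> dict:
    """Every failure gets the same body, with no account data in it."""
    user = USERS.get(email)
    stored = user["pw_hash"] if user else _DUMMY_HASH
    password_ok = hmac.compare_digest(stored, _hash(password))
    if user is not None and password_ok:
        return {"ok": True, "username": user["username"]}
    return {"ok": False, "error": "invalid email or password"}

def failure_discloses(login, known_email: str, unknown_email: str) -> bool:
    """Regression check: True if a failed login reveals anything about the account."""
    known = login(known_email, "wrong-password")
    unknown = login(unknown_email, "wrong-password")
    return known != unknown or "username" in known
```

Running `failure_discloses` against both handlers in a test suite catches a later change that puts account fields back into the failure response.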
I reported this bug to the CoinBeyond team and they said they would fix it, but after 7 months they are still not able to provide any ETA for a fix, and they are not replying to me, so I am disclosing this bug.
More bugs coming soon
Regards
Jitendra Singh (Team Computer-Korner)