Back to overview

Cryptography Vulnerabilities on HackerOne

Type of publication Peer-reviewed
Publikationsform Proceedings (peer-reviewed)
Author Hazhirpasand Mohammadreza, Ghafari Mohammad,
Project Agile Software Assistance
Show all

Proceedings (peer-reviewed)

Title of proceedings 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)
Place Hainan, China
DOI 10.1109/qrs54544.2021.00013

Open Access

Type of Open Access Repository (Green Open Access)


Previous studies have shown that cryptography is hard for developers to use and misusing cryptography leads to severe security vulnerabilities. We studied relevant vulnerability reports on the HackerOne bug bounty platform to understand what types of cryptography vulnerabilities exist in the wild. We extracted eight themes of vulnerabilities from the vulnerability reports and discussed their real-world implications and mitigation strategies. We hope that our findings alert developers, familiarize them with the dire consequences of cryptography misuses, and support them in avoiding such mistakes.