Binance fixed the IP whitelist gap — but the disclosure process is still broken
I recently re-tested an old Binance API finding I had reported through Bugcrowd. The original issue was about Binance API IP whitelisting and derived listenKey stream credentials. At the time, a listenKey could be created from a whitelisted IP and then used from a non-whitelisted IP to consume pri
ORIGINAL SOURCE →via Reddit r/netsec
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · conflict
- [CONFLICT] Intermodal Asia
- [CONFLICT] UNDRR Regional Office for Arab States
- [CONFLICT] Digital security in war and conflict: challenges for civil society and tools for resilience
- [CONFLICT] Securing the Untrusted Agentic Development Layer
- [CONFLICT] IDF tries to assassinate Hezbollah Radwan commander in Beirut in first attack on capital in weeks
- [CONFLICT] Ekran kırık ama yayın net! Çobanın hava durumu spikerliği görenleri güldürdü