Netflix - Finding Bug

08:01 Posted by Ali Hassan Ghori ,
Netflix has Responsible Disclosure Policy and Hall Of Fame page for those who report a valid bug to them.

For this I am searching for a bug that is Valid and may be not a Duplicate issue. ALHAMDULILLAH ! , It is my luck that the reported issue got Valid and not reported previously by other researcher.

Here is Details:

During  reconnaissance I got a domain (netflixprize.com), now I searching for a bug in it. I noticed that Password data is transmitted over HTTP. I report this issue to Netflix. They accepted it and remove the Login page because there is no more need of Login page in that domain.











Reporting Date: Jan/02/2014
Acknowledgement Date: Jan/02/2014
Issue fixed: Jan/03/2014
Listed Inside Netflix: Jan/04/2014