Pwnie Awards 2017

2020 Nomination for Lamest Vendor Response

Daniel J. Bernstein

Daniel J. Bernstein

In a world, where bug bounties are mostly about whining on social media about duplicates (sorry, you are not the only one who can find open redirects), a generous offer from the last millenium still reminds us of a more civilized age. And what can match such a great incentive better, than a beautiful exploit, that took 15 years and several generations of hardware to develop? Too bad we’ve lost this marker of excellence, because the exploit does not work on the issuers configuration. 4294967296 array elements ought to be enough for everyone, right?

CVE-2005-1513