I discovered an IDOR (Insecure Direct Object Reference) vulnerability on CrazyGames where private rooms protected by a PIN could be accessed by anyone simply by modifying the room name in the URL — completely bypassing the password protection and exposing private sessions to strangers. I reported this professionally and in good faith as a security researcher, providing detailed steps to reproduce the issue. The bug has since been fixed, which means my report was clearly taken seriously and acted upon. However, to this day I have received zero response, zero acknowledgment, and zero recognition for helping protect their platform and users. This is extremely discouraging for anyone in the security community. Responsible disclosure deserves at least a thank you. I am not asking for money — a simple reply would have been enough. I hope CrazyGames improves how they handle security reports in the future and gives researchers the basic respect they deserve.
Play free online games at CrazyGames, the best place to play high-quality browser games. We add new games every day. Have fun!