Not every security issues can be fixed. There exist (what I call) "unfixable" bugs, where you can always argue and shift the goal posts. The idea is to only report these kind of issues to create an endless stream of bug bounty money!

Buy my terrible font (ad): https://shop.liveoverflow.com
Learn hacking (ad): https://hextree.io

What is a vulnerability? https://www.youtube.com/watch?v=866olNIzbrk

hackerone reports:
https://hackerone.com/reports/812754
https://hackerone.com/reports/6883
https://hackerone.com/reports/223337
https://hackerone.com/reports/819930
https://hackerone.com/reports/224460
https://hackerone.com/reports/160109
https://hackerone.com/reports/557154

OWASP: https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks

Chapters:
00:00 - Intro
00:30 - Denial of Service with loooong passwords
03:18 - Invalid vs. Valid DoS Reports
05:11 - Deployment Differences
06:54 - Denial of Service vs. Bruteforce Protection
09:27 - IP Rate-Limiting "fix"
12:06 - Locking User Accounts?
13:59 - The Circle of Unfixable Security Issues
15:25 - Vulnerability vs. Weakness
16:49 - The Cybersecurity Industry
19:03 - Conclusion: Cybersecurity vs. Hacking
21:34 - Outro

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok: https://www.tiktok.com/@liveoverflow_
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/