bugcrowd / vulnerability-rating-taxonomy

Bugcrowd’s baseline priority ratings for common security vulnerabilities
https://bugcrowd.com/vrt
Apache License 2.0
447 stars, 85 forks

Add unnecessary open port on server misconfiguration in P1 #376

Closed (galactghost closed this 1 year ago)

galactghost commented 1 year ago

If ports are open on a server, like 8080 (server), 22 (SSH), etc., the hacker can try to brute force or get the version of the software or server to exploit, through which they can steal sensitive information. That's why this vulnerability should be P1 or P2. The hacker can try many passwords and usernames to connect to the server, or if the service version is shown it can be very dangerous or not, depending on what is running on the port.

TimmyBugcrowd commented 1 year ago

Hi @galactghost

Just because a port is open doesn't mean the system is automatically vulnerable. There may be robust security mechanisms safeguarding it. As a bug hunter you would need to provide more security impact, e.g. a PoC showing that it leaks sensitive information. Hence, I'm closing this.

If you have any further questions/concerns, don't hesitate to reach out to us.

-Timmy