Bug Reports

after adding a new location in the help center, it doesn't appear in the dashboard

the options do not appear in step 2 to add a new mailbox

Steps to reproduce: Open Hoory Click on Reports Click on Inbox In the Duration filter select Custom date range Actual result: "Date range filter" is no longer available to select a date range. Expected result: "Date range filter" is supposed to be available to select the date range. Device: Mobile Samsung Galaxy S7 / iPhone 12 mini OS: Android 8/IOS 16.0 Browser Version: Chrome mobile -103.0.5060.129 / Safari for iOS 16.0 Please see the video: https://drive.google.com/file/d/1cZg-OAbrD4o6ul-7G9xuRjS6EbuOMIl5/view?usp=drive_link

As a product user, the QM team understands the value of improving the user experience by incorporating unique functionality into the product or improving current features and functionality. And make it unique and irreplaceable in the field. When downloading the reports, the downloaded report does not include the resolution count exact numbers. The issue's video is attached.

Steps to reproduce: 1 Open the website 2 Go to Backgammon/Poker 3 Press on Online support link 4 Observe Close button Actual result: The logic of close button is not correct Expected result: When pressing on X button, the window should close, not open Device: Desktop/Mobile Samsung Galaxy S7 / iPhone 12 mini OS: Windows 10/Android 8/IOS 16.0 Browser Version: Chrome 104.0.5112.81 (Official Build) (64-bit)/mobile -103.0.5060.129 / Safari for iOS 16.0 Urgency Medium

Does not display the number of chats

Vulnerability Report: Lack of Rate Limiting in Forget Password Functionality Summary: During a security assessment of the authentication system on https://app.hoory.com/ , a lack of rate limiting was discovered in the "Forget Password" functionality. This vulnerability allows an attacker to potentially launch brute force or automated attacks on user accounts, leading to unauthorized access. Vulnerability Details: Endpoint: The forget password functionality can be accessed via the URL https://app.hoory.com/auth/password . Absence of Rate Limiting: Upon inspection of the request and response traffic, it was observed that there is no rate limiting mechanism implemented for the "Forget Password" feature. This means that an attacker could programmatically send numerous password reset requests without encountering any restrictions. Potential Impact: Credential Guessing: Attackers could leverage this vulnerability to guess user passwords through automated or brute force methods. Account Takeover: Successful exploitation of this vulnerability could lead to unauthorized access to user accounts, potentially compromising sensitive information stored within the application. Reputational Damage: The exploitation of this vulnerability could result in reputational damage for the organization, as users may lose trust in the security of the platform. Recommendations: Implement Rate Limiting: Introduce rate limiting mechanisms to restrict the number of forget password requests that can be made within a certain time period. This can help mitigate the risk of brute force attacks. Monitoring and Logging: Implement robust monitoring and logging mechanisms to track forget password requests and detect suspicious patterns indicative of brute force attacks. User Notifications: Notify users of any forget password requests made on their accounts, allowing them to take appropriate action if they did not initiate the request. Security Awareness: Educate users about the importance of choosing strong, unique passwords and utilizing additional security measures such as multi-factor authentication.

Good afternoon. We have a support bot that provides answers to frequently asked questions. Sometimes, when pressing a button, the return to the main menu does not work, and we have to reload the page. The return is set up automatically using the "Jump" block.

Summary: Upon investigation, it has been discovered that the Instagram username associated with the website " hoory.com " was available for takeover due to a broken link redirecting to a non-existent Instagram page. The original link, https://www.instagram.com/hoory_com/?hl=en , led to an error message indicating that the page was not available. Procedure: Identifying the Issue: While visiting the website hoory.com , it was noted that the Instagram link provided at the bottom of the page redirected to an invalid Instagram page. Confirmation of Broken Link: Upon clicking the Instagram link, users were directed to https://www.instagram.com/hoory_com/?hl=en , where they encountered an error message stating that the page was not available. Username Takeover: To mitigate the issue and prevent misuse, the username "hoory_com" was claimed by accessing the Instagram account associated with the website and successfully changing the username. Conclusion: The broken link redirecting to an unavailable Instagram page presented a security vulnerability known as "Broken Link Hijacking." By taking over the username associated with the website, the potential for misuse or exploitation of the abandoned Instagram handle has been mitigated. Recommendation: Regularly monitor and update website links to ensure they remain functional and lead to the intended destinations. Implement security measures on social media accounts to prevent unauthorized access or takeovers. Conduct routine audits of online presence to identify and rectify vulnerabilities promptly. Action Taken: The Instagram username associated with hoory.com has been successfully claimed and updated to prevent potential misuse or exploitation. Further steps may be taken to enhance security measures and prevent similar incidents in the future.

When we enter Cerebrum Yerevan we want to check whether our Hoory AI assitants are working in our virtual stand, but they are not responsive we click on them but there is no window to start a conversation.