A security researcher discovered a "simple vulnerability" in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can.
Facebook bounty hunter Anand Prakash from India recently discovered a Password Reset Vulnerability, a simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a 6-digit code and reset any account's password.
The vulnerability actually resides in the way Facebook's beta domains handle "Forgot Password" requests.
Facebook lets users change their account password through the Password Reset procedure by confirming their Facebook account with a 6-digit code received via email or text message.
To ensure the genuineness of the user, Facebook allows the account holder to try up to a dozen codes before the account confirmation code is blocked by the brute-force protection that limits the number of attempts.
However, Prakash discovered that the social media giant had not implemented rate limiting in its password reset process on the beta sites, beta.facebook.com and mbasic.beta.facebook.com, according to a blog post published by Prakash.
Prakash tried to brute force the 6-digit code on the Facebook beta pages in the "Forgot Password" window and discovered that there was no limit set by Facebook on the number of attempts for the beta pages.
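The missing control is easier to see in code. The following Python sketch is an added illustration, not Prakash's proof-of-concept and not Facebook's own code: a reset-code store that issues a random 6-digit code and verifies guesses against it. The attempt budget of twelve is taken from the article's "up to a dozen codes"; the 15-minute code lifetime, the single-use behaviour, the `ResetCodeStore` class and its method names, and the emitted `reset_code_locked` event are all assumptions made for the example. Constructing the store with `max_attempts=None` reproduces the beta-site behaviour described above, where every guess is checked until one matches.

```python
import hmac
import secrets
import time

# Assumed constants: the attempt budget matches the article's "a dozen codes";
# the lifetime is an assumption for the example.
MAX_ATTEMPTS = 12
CODE_TTL_SECONDS = 15 * 60


class ResetCodeStore:
    """Holds one pending 6-digit reset code per account and enforces an attempt budget.

    max_attempts=None disables the budget, which is the weak configuration the
    article describes on the beta domains (constructed example, not Facebook's code).
    """

    def __init__(self, max_attempts=MAX_ATTEMPTS, ttl=CODE_TTL_SECONDS, clock=time.time):
        self.max_attempts = max_attempts
        self.ttl = ttl
        self._clock = clock      # injectable so tests can simulate expiry
        self._pending = {}       # account_id -> {"code", "expires", "attempts"}
        self.events = []         # security events worth forwarding to a SIEM

    def issue(self, account_id):
        """Create a fresh uniformly random 6-digit code for the account."""
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._pending[account_id] = {
            "code": code,
            "expires": self._clock() + self.ttl,
            "attempts": 0,
        }
        # The caller delivers this via email/SMS; it must never be echoed to the requester.
        return code

    def verify(self, account_id, submitted):
        """Check one guess. Returns 'ok', 'wrong', 'locked', 'expired' or 'no_code'."""
        entry = self._pending.get(account_id)
        if entry is None:
            return "no_code"
        if self._clock() > entry["expires"]:
            del self._pending[account_id]
            return "expired"
        entry["attempts"] += 1
        # Constant-time comparison so response timing does not leak matching digits.
        if hmac.compare_digest(entry["code"], str(submitted)):
            del self._pending[account_id]    # single use
            return "ok"
        if self.max_attempts is not None and entry["attempts"] >= self.max_attempts:
            # Burn the code: the user must request a new one, and the guesser
            # gets no further chances against this value.
            del self._pending[account_id]
            self.events.append(("reset_code_locked", account_id, entry["attempts"]))
            return "locked"
        return "wrong"


def accepted_wrong_guesses(store, account_id, wrong_code, cap):
    """Count how many wrong guesses the store merely answers 'wrong' to, stopping at cap.

    Used to contrast the two policies; 'cap' keeps the unlimited case finite.
    """
    n = 0
    while n < cap and store.verify(account_id, wrong_code) == "wrong":
        n += 1
    return n


if __name__ == "__main__":
    # Constructed demonstration: same guessing loop against both policies.
    for label, limit in (("rate-limited (main site)", MAX_ATTEMPTS), ("unlimited (beta site)", None)):
        store = ResetCodeStore(max_attempts=limit)
        code = store.issue("alice")
        wrong = "000000" if code != "000000" else "000001"
        n = accepted_wrong_guesses(store, "alice", wrong, cap=1_000)
        print(f"{label}: {n} wrong guesses tolerated before the policy intervened; events={store.events}")
```

With the limit in place the store answers "locked" on the twelfth wrong guess and discards the code, so a 6-digit space (one million values) can never be exhausted; without it the only thing stopping a guessing loop is the code's expiry, which is exactly the condition the article describes on the beta domains.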
Prakash has also provided a proof-of-concept (PoC) video demonstration that shows the attack at work. You can watch the video given below, which will walk you through the entire procedure: