
Facebook Fixes Bug That Allowed You to Reset Anyone's Password

  • March 7, 2016

Jasper_The_Rasper
Moderator

Attacker could have hijacked any account he wanted

 
 
Mar 7, 2016 17:05 GMT · By Catalin Cimpanu

Facebook has paid $15,000 (€13,600) to an independent security researcher who discovered a simple way of resetting passwords for other accounts, setting a new passphrase and effectively taking over profiles.
 
The developer who discovered this issue and helped Facebook fix it before it was abused by a nefarious actor is Anand Prakash, a security researcher based in Karnataka, Bangalore in India.
 
As he describes on his blog, the issue is actually a trivial brute-force attack on the password recovery form, and not on the main Facebook site, which is protected against such types of automated attacks.
 
Full Article

1 reply

Ssherjj
Moderator
  • March 7, 2016
Aww really? It's worth the money. How long would this go on if Facebook didn't hire security researchers? That's peanuts to pay that amount anyways for FB.
