Facebook has fixed a simple yet potentially dangerous bug in its beta platform that could allow an attacker to take over another user’s account by brute-forcing the passcode that Facebook sends to users who forget their passwords. When a Facebook user forgets her password, she is directed to a form to enter either an email address or mobile phone number. Facebook will then send a six-digit code that the user can enter in order to set a new password. The vulnerability stemmed from the fact that Facebook did not set a rate limit for the number of times a user could try and fail to enter the code. Anand Prakash, a researcher based in India, discovered the bug and found that he could use a brute-forcing tool to try as many combinations as he wanted when entering the code.
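An added example, not Facebook's code and not part of the original article, of the control the bug lacked: a reset-code verifier that caps failed attempts per issued six-digit code, expires the code, and makes it single use. The name `ResetCodeStore`, the cap of 5 attempts and the 10-minute lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: failed guesses allowed per issued code
CODE_TTL_SECONDS = 600  # assumed policy: lifetime of an issued code


class ResetCodeStore:
    """In-memory store of password-reset codes, keyed by account identifier."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        # Six-digit code from a CSPRNG; issuing again replaces the old code.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # delivered by email/SMS only, never shown to the requester

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return False
        code, expires_at, failed = entry
        if self._clock() >= expires_at or failed >= MAX_ATTEMPTS:
            # Expired or locked out: discard so a new code must be requested.
            del self._pending[account]
            return False
        # Constant-time comparison on bytes (accepts any str input).
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[account]  # single use
            return True
        entry[2] = failed + 1
        return False


def guess_success_bound(attempts=MAX_ATTEMPTS, code_space=10**6):
    """Upper bound on guessing one issued code within the attempt cap."""
    return attempts / code_space
```

Issuance needs its own per-account throttle, since each freshly issued code grants another `MAX_ATTEMPTS` guesses.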