Facebook fixes bug in beta site that allowed accounts to be hijacked




Because of an error in Facebook's beta site, an unlimited number of attempts to enter a password-reset code were allowed. With just the phone number or email address of a member of the social network, the six-digit code could be found by brute force.

A user who forgets their password can enter their phone number or email address to reset it. Facebook then sends a six-digit reset code for authentication. After 10 to 12 incorrect entries the code expires, so that an attacker cannot try all possible codes by brute force and change the password without authorization.

At beta.facebook.com and mbasic.beta.facebook.com, however, there appeared to be no limit on the number of times the code could be entered, as Anand Prakash, an Indian bug bounty hunter, found. Using the Burp Repeater tool he succeeded, after numerous attempts, in determining the correct reset code and changing the password of his own account. According to him, this would have worked on any account.

Facebook acknowledged the error, fixed it, and paid Prakash $15,000 for his discovery.
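As an added illustration (not Facebook's code), this is the check the beta endpoints were missing: a reset-code verifier that counts failed entries per account and invalidates the code after a small number of attempts. It assumes a hypothetical in-memory store and a 10-minute validity period.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 10         # in line with the 10-12 failed entries the article describes
CODE_TTL_SECONDS = 600    # assumption: a reset code stays valid for 10 minutes
CODE_SPACE = 1_000_000    # six decimal digits


def attacker_success_probability(max_attempts, code_space=CODE_SPACE):
    """Chance of guessing a uniformly random code within the attempt budget.
    With no limit this tends to 1; with 10 attempts it is 1 in 100,000."""
    return min(max_attempts, code_space) / code_space


class ResetCodeStore:
    """In-memory store of outstanding reset codes keyed by account identifier
    (constructed for this example; a real service would use a shared datastore)."""

    def __init__(self):
        self._codes = {}

    def issue(self, account, now=None):
        """Generate a fresh six-digit code for the account and reset its attempt counter."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(CODE_SPACE):06d}"
        self._codes[account] = {"code": code, "attempts": 0,
                                "expires": now + CODE_TTL_SECONDS}
        return code

    def verify(self, account, candidate, now=None):
        """Return True only for the correct, unexpired code within the attempt budget.
        Every guess burns one attempt; reaching the limit invalidates the code,
        so a brute-force run cannot simply keep submitting until it hits."""
        now = time.time() if now is None else now
        entry = self._codes.get(account)
        if entry is None:
            return False
        if now > entry["expires"]:
            del self._codes[account]
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["code"], str(candidate))  # constant-time compare
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            # Single use on success; lockout once the budget is spent.
            del self._codes[account]
        return ok
```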

