Password reset vulnerability found in www.facebook.com
Description:
Sow Ching Shiong, an independent researcher, has discovered a password reset vulnerability in www.facebook.com which can be used by an attacker to bypass certain security restrictions.
Under normal circumstances, a Facebook user who wants to change his/her Facebook password is required to give his/her previous Facebook password. This prevents an attacker from changing the password without the knowledge of the original user.
But through this vulnerability an attacker can change a Facebook user's password without the owner's knowledge by accessing this URL directly:
After that the page will be redirected to:
Proof of concept:
Step 1: Log in to your Facebook account and type this URL in the address bar:
http://www.facebook.com/hacked then the page will redirect you to
Step 2: Click on Continue to proceed.
Step 3: Confirm the new password to change/reset the password.
The vulnerability has been confirmed by the Facebook security team.
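
The description above comes down to one route that reaches the password write without asking for the previous password. The sketch below is an added example, not Facebook's code and not part of the original write-up: it puts the re-authentication check next to the write so every entry point inherits it. All names (Account, alternate_route_unsafe, alternate_route_fixed) and the assumed cause of the flaw are hypothetical.

```python
import hashlib
import hmac
import os


class ReauthRequired(Exception):
    """The request did not prove knowledge of the current password."""


class Account:
    def __init__(self, password):
        self._store(password)

    def _store(self, password):
        # Unchecked write: must never be reachable from a request handler.
        self.salt = os.urandom(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check(self, password):
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        return hmac.compare_digest(self.pw_hash, candidate)

    def change_password(self, current, new):
        # Re-authentication sits next to the write, so every route inherits it.
        if not self.check(current):
            raise ReauthRequired("current password missing or wrong")
        self._store(new)


def alternate_route_unsafe(account, form):
    # Assumed flaw shape: a logged-in session is treated as sufficient proof.
    account._store(form["new"])


def alternate_route_fixed(account, form):
    account.change_password(form.get("current", ""), form["new"])


def demo():
    victim = Account("old-secret")  # constructed sample data
    alternate_route_unsafe(victim, {"new": "changed-1"})
    unsafe_changed = victim.check("changed-1")
    try:
        alternate_route_fixed(victim, {"new": "changed-2"})
        fixed_changed = True
    except ReauthRequired:
        fixed_changed = False
    alternate_route_fixed(victim, {"current": "changed-1", "new": "owner-choice"})
    return unsafe_changed, fixed_changed, victim.check("owner-choice")
```

demo() returns whether the unsafe route changed the password with no previous password, whether the fixed route did, and whether the owner's legitimate change went through.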