Barely a month after winning $30,000 from Facebook for spotting a flaw in Instagram. Chennai based security researcher Laxman Muthiyah on Monday said he again discovered a new account takeover vulnerability on the photo and video-sharing app.
The researcher asserted that he again discovered a new account takeover vulnerability. And he won $10,000 as part of Facebook’s bug bounty program.
The new vulnerability that Laxman Muthiyah spotted was similar to the one. reported in July and allowed anyone to hack Instagram accounts without consent permission.
Muthiyah found the same device ID- the unique identifier used by The Instagram server to validate password reset codes. It can be used to request multiple passcodes of different users.
He showed that this vulnerability can be exploited to hack Instagram accounts. You identified insufficient protections and a recovery endpoint. And allowing an attacker to generate numerous valid nonces to ten attempt recovery, Facebook said in a letter to Laxman Muthiyah.
- IPL 2021 CSK Playing XI vs MI: Robin Uthappa likely to be opening
- IPL 2021 KKR vs RCB Live: How to watch Live Streaming in India
- IPL: BCCI keen to welcome Lucknow as a new IPL City
- IPL 2021 CSK VS MI: Rohit Sharma vs Shardul Thakur MS Dhoni vs Jasprit Bumrah, Key Battle to watch out for
- IPL 2021: No MI or CSK, THIS franchise leads the list of most centuries by a team
- IPL 2021: Predicted the first Playing XI of Punjab Kings
- PUBG Mobile and BGMI 1.6 Update VS AI Mode: Here’s how to play