Technology
Chennai techie finds flaw in Instagram again, wins $10,000
Chennai, Aug 26
Barely a month after winning $30,000 from Facebook for spotting a flaw in Instagram, Chennai-based security researcher Laxman Muthiyah on Monday said he again discovered a new account takeover vulnerability on the photo and video-sharing app. This time he has won $10,000 as part of the social network's bug bounty programme.
The new vulnerability that Muthiyah spotted was similar to the one he reported in July and allowed anyone to hack Instagram accounts without consent permission.
Facebook has now fixed the vulnerability that Muthiyah reported.
"Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme," Muthiyah said in a blog post.
Muthiyah found that the same device ID - the unique identifier used by Instagram server to validate password reset codes - can be used to request multiple pass codes of different users.
He showed that this vulnerability can be exploited to hack Instagram accounts.
"You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery," Facebook said in a letter to Muthiyah.
The new vulnerability that Muthiyah spotted was similar to the one he reported in July and allowed anyone to hack Instagram accounts without consent permission.
Facebook has now fixed the vulnerability that Muthiyah reported.
"Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme," Muthiyah said in a blog post.
Muthiyah found that the same device ID - the unique identifier used by Instagram server to validate password reset codes - can be used to request multiple pass codes of different users.
He showed that this vulnerability can be exploited to hack Instagram accounts.
"You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery," Facebook said in a letter to Muthiyah.
1 hour ago
PM Modi arrives in New York to attend UN Summit of the Future
1 hour ago
PM Modi holds bilateral talks with Biden, discusses global, regional issues: MEA
1 hour ago
PM Modi gifts antique silver hand-engraved train model to Biden
1 hour ago
US returns 297 invaluable antiquities to India, PM Modi expresses gratitude
1 hour ago
Quad commits to strengthening cooperation in Indian Ocean region
1 hour ago
US: Four shot dead, dozens injured in mass shooting
1 hour ago
Hezbollah targets Ramat David Airbase in Israel
1 hour ago
Rhino poaching dropped by 86 per cent in Assam due to double engine govt: CM Sarma
1 hour ago
FairPoint: Bitter words and sour laddus, declining political discourse
1 hour ago
Kejriwal questions if RSS okay with BJP's politics
1 hour ago
HYDRAA resumes demolition of illegal structures in Greater Hyderabad
1 hour ago
BJP protests against AAP, demands 'Sheesh Mahal' opened for public viewing
1 hour ago
'Goli' from Pakistan will be replied with 'Gola', says Amit Shah