Technology
Chennai techie finds flaw in Instagram again, wins $10,000
Chennai, Aug 26
Barely a month after winning $30,000 from Facebook for spotting a flaw in Instagram, Chennai-based security researcher Laxman Muthiyah on Monday said he again discovered a new account takeover vulnerability on the photo and video-sharing app. This time he has won $10,000 as part of the social network's bug bounty programme.
The new vulnerability that Muthiyah spotted was similar to the one he reported in July and allowed anyone to hack Instagram accounts without consent permission.
Facebook has now fixed the vulnerability that Muthiyah reported.
"Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme," Muthiyah said in a blog post.
Muthiyah found that the same device ID - the unique identifier used by Instagram server to validate password reset codes - can be used to request multiple pass codes of different users.
He showed that this vulnerability can be exploited to hack Instagram accounts.
"You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery," Facebook said in a letter to Muthiyah.
The new vulnerability that Muthiyah spotted was similar to the one he reported in July and allowed anyone to hack Instagram accounts without consent permission.
Facebook has now fixed the vulnerability that Muthiyah reported.
"Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme," Muthiyah said in a blog post.
Muthiyah found that the same device ID - the unique identifier used by Instagram server to validate password reset codes - can be used to request multiple pass codes of different users.
He showed that this vulnerability can be exploited to hack Instagram accounts.
"You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery," Facebook said in a letter to Muthiyah.
14 hours ago
Great Nicobar project to solidify India’s position in Strait of Malacca: Report
14 hours ago
Hindu groups join White House faith dialogue
14 hours ago
Two dead in mass shooting at Canada street festival
14 hours ago
Fast-moving wildfire in US Southern California forces evacuations
14 hours ago
12 nations reaffirm commitment to free, open Indo-Pacific
14 hours ago
US renews call to free Cuba prisoners
14 hours ago
Trump renews criticism of US media, alleges 'fake news'
14 hours ago
US launches third round of strikes on Iran
14 hours ago
Man held after Indian American wife killed, son shot in US
14 hours ago
18-member panel to review ongoing survey identifying illegal, unrecognised madrasas in Bengal
14 hours ago
Bomb threat at Mumbai's Taj Hotel declared hoax after security check
14 hours ago
Vietnam boat tragedy: CM Naidu orders swift measures to bring back bodies of three Andhra men
14 hours ago
Kashmir advocacy group to intensify fight against drug addiction, women to lead awareness drive
