Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
News18 » Tech
1-min read

Chennai Techie Wins $10,000 For Locating Flaw on Instagram

Facebook has now fixed the vulnerability that Muthiyah reported, where the same device ID, the unique identifier used by the Instagram server to validate password reset codes, could be used to request multiple passcodes of different users.

IANS

Updated:August 26, 2019, 2:59 PM IST
facebookTwitterskypewhatsapp
Chennai Techie Wins $10,000 For Locating Flaw on Instagram
Representative Image. (Reuters)
Loading...

Barely a month after winning $30,000 from Facebook for spotting a flaw in Instagram, Chennai-based security researcher Laxman Muthiyah on Monday said he again discovered a new account takeover vulnerability on the photo and video-sharing app. This time he has won $10,000 as part of the social network's bug bounty programme. The new vulnerability that Muthiyah spotted was similar to the one he reported in July and allowed anyone to hack Instagram accounts without consent permission.

Facebook has now fixed the vulnerability that Muthiyah reported. "Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme," Muthiyah said in a blog post. Muthiah found that the same device ID - the unique identifier used by the Instagram server to validate password reset codes - can be used to request multiple passcodes of different users.

He showed that this vulnerability can be exploited to hack Instagram accounts. "You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery," Facebook said in a letter to Muthiyah.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: Chhavianshika Singh
Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwitterskypewhatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results