Technology Other News 27 Aug 2019 Chennai man wins 10, ...

Chennai man wins 10,000 dollars for spotting Instagram app flaw

DECCAN CHRONICLE.
Published Aug 27, 2019, 9:09 am IST
Updated Aug 27, 2019, 9:23 am IST
Laxman Muthiya, a tech enthusiast, had also won USD 30,000 just a month ago for pointing out another vulnerability for Facebook.
The security flaw basically allowed attackers to hack Instagram accounts without permission.
 The security flaw basically allowed attackers to hack Instagram accounts without permission.

Laxman Muthiyah, a techie from Chennai, the capital of Tamil Nadu, India recently discovered a new account takeover vulnerability on Instagram, the photo and video sharing application. He won a sum of USD 10,000 as part of the app’s bug bounty programme.

The security flaw basically allowed attackers to hack Instagram accounts without permission.

 

Muthiyah had also won USD 30,000 just a month ago in July when he shed light on another security vulnerability for Facebook, the same parent company.

"Facebook and Instagram security team fixed the issue and rewarded me USD 10000 as a part of their bounty programme," said Muthiyah in a blog post.

Muthiyah had discovered that the same device ID that Instagram uses to validate password resets, could also be used to request more than one passcodes of various users.

"You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery," said Facebook in a letter to Muthiyah. The company has since fixed the issue.

Click on Deccan Chronicle Technology and Science for the latest news and reviews. Follow us on Facebook, Twitter

...




ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT