Imagine running a dating app and being told accounts could be easily hijacked. How did that feel, Grindr?

In brief: LGBTQ dating site Grindr has squashed a security bug in its website that could have been trivially exploited to hijack anyone’s profile using just the victim’s email address. French bug-finder Wassime Bouimadaghene spotted that when you go to the app’s website and attempt to reset an account’s password using its email address, the site responds with a page that tells you to check your inbox for a link to reset your login details – and, crucially, that response contained a hidden token.
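The flaw class described above, as an added example (not Grindr's code and not from the article): a reset handler that echoes the token in its response next to a hardened one, plus a regression check that fails when the mailed token appears in the response body. The in-memory stores, the `resetToken` field name and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores standing in for a user table and a mail queue.
USERS = {"alice@example.com"}
RESET_HASHES = {}   # email -> SHA-256 of the outstanding reset token
OUTBOX = []         # (email, token) pairs handed to the mailer only

GENERIC_BODY = "If that address has an account, a reset link has been sent to it."


def _issue_token(email):
    """Create a reset token, keep only its hash, and queue the token for e-mail."""
    token = secrets.token_urlsafe(32)
    RESET_HASHES[email] = hashlib.sha256(token.encode()).hexdigest()
    OUTBOX.append((email, token))
    return token


def request_reset_leaky(email):
    """The flawed pattern: the token is also embedded in the HTTP response."""
    if email not in USERS:
        return GENERIC_BODY
    token = _issue_token(email)
    # Hypothetical field name; the point is that the secret reaches the requester.
    return f'{GENERIC_BODY}<input type="hidden" name="resetToken" value="{token}">'


def request_reset_fixed(email):
    """Hardened: the token leaves the server by e-mail only; the body is constant."""
    if email in USERS:
        _issue_token(email)
    return GENERIC_BODY


def redeem(email, token):
    """Single-use redemption with a constant-time hash comparison."""
    expected = RESET_HASHES.pop(email, None)
    if expected is None:
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(expected, supplied)


def response_leaks_token(handler, email):
    """Regression check: does the response body contain the token that was mailed?"""
    OUTBOX.clear()
    body = handler(email)
    return any(tok in body for _, tok in OUTBOX)
```

The same check can run in CI against a staging reset endpoint by comparing the captured outbound mail with the HTTP response body.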

Read full article on The Register

 

