Head Topics

Meta’s Account Center came with a 2FA-defeating bug

Norge Nyheter Nyheter

Meta’s Account Center came with a 2FA-defeating bug
Norge Siste Nytt,Norge Overskrifter
  • 📰 verge
  • ⏱ Reading Time:
  • 51 sec. here
  • 2 min. at publisher
  • 📊 Quality Score:
  • News: 24%
  • Publisher: 67%

A researcher was able to brute force SMS codes.

It was a significant find, as Meta seems to be putting more and more focus on its Accounts Center feature, letting you manage settings and security information from it, as well as use it to. According to Mänôz, the attack was relatively simple; if you knew the phone number or email address the other person used for two-factor authentication, you could link it to your own account, which would remove it from the victim’s.

The thing that’s supposed to prevent this is a six-digit authentication code that gets sent to the other person’s account or phone number, which you don’t have access to. The bug Mänôz found, however, let an attacker guess that code however many times they wanted — set a program or script to do that task, and it would eventually guess right.

In the worst-case scenario , this would entirely turn off 2FA on the victim’s account. The fact that it was running through Account Center also defeated some other security measures; according to Mänôz’s post, Facebook wouldn’t usually let you add an already-registered email address to your account, but this method bypassed that.

Meta seems to have fixed the issue relatively quickly. Mänôz reported it on September 14th, 2022, and it was dealt with by mid-October after the company’s security team actually figured out how to test it. Meta ended up paying Mänôz a $27,200 bug bounty for reporting the issue.

Vi har oppsummert denne nyheten slik at du kan lese den raskt. Er du interessert i nyhetene kan du lese hele teksten her. Les mer:

verge /  🏆 94. in US

Norge Siste Nytt, Norge Overskrifter

Similar News:Du kan også lese nyheter som ligner på denne som vi har samlet inn fra andre nyhetskilder.

Disaster Recovery Center in Selma moves to new location - Alabama NewsDisaster Recovery Center in Selma moves to new location - Alabama NewsThe new location will be at the Felix Heights Community Center on Medical Center Parkway.
Les mer »

Recovery center open for the weekend, aiding people affected by destructive tornado in PasadenaRecovery center open for the weekend, aiding people affected by destructive tornado in Pasadena'You gotta go through storms before you get to the rainbow,' one man said after losing his home in Pasadena and now sleeps in his car with his two dogs.
Les mer »

Billy Packer was center of ridiculous backlash as sports world began declineBilly Packer was center of ridiculous backlash as sports world began declineBilly Packer, who died Thursday at 82, helped remind us that the sports world had gone — and remains — nuts.
Les mer »

New Tucson Medical Center program benefits rural heart patientsNew Tucson Medical Center program benefits rural heart patientsThe Tucson hospital has been offering remote cardio rehabilitation to patients living in Benson since September. TMC says it hopes to expand to other rural areas in southern Arizona.
Les mer »

Memphis beating video puts spotlight on first police accountMemphis beating video puts spotlight on first police accountNewly released video shows Memphis police officers battering motorist Tyre Nichols with punches and kicks and also using pepper spray and a baton
Les mer »

Memphis beating video puts spotlight on first police accountMemphis beating video puts spotlight on first police accountNewly released video shows Memphis police officers battering motorist Tyre Nichols with punches and kicks and also using pepper spray and a baton.
Les mer »



Render Time: 2025-03-11 01:09:15