Grindr’s Reset Token Vulnerability: A Technical Deep Dive



Dating apps hold a treasure trove of information about their users, which makes them an enticing target for malicious actors.

On March 3, 2020, researchers (Wassime Bouimadaghene, who discovered the vulnerability, and Troy Hunt, who reported it) announced that they had found a security vulnerability in the dating app Grindr.

This vulnerability allowed anyone to access the password reset link for an account if they knew the user's email address. The password reset page would include the password reset token in its response to the client, whereas this reset token should only be emailed to the user.

The diagram below depicts how this transaction hypothetically should occur.
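
The flawed flow and the intended one, side by side, as an added Python sketch. This is not Grindr's code or code from the original article; the handler names, the in-memory `USERS`, `TOKENS` and `OUTBOX` stores, the response fields and the `app.example` URL are assumptions made for illustration.

```python
import secrets

# Constructed in-memory stand-ins for a user store, token store and mail queue.
USERS = {"alice@example.com"}
TOKENS = {}   # email -> pending reset token
OUTBOX = []   # (recipient, message) pairs "sent" by email


def _issue_token(email):
    """Create a random reset token and deliver it through the mailbox."""
    token = secrets.token_urlsafe(32)
    TOKENS[email] = token
    OUTBOX.append((email, f"Reset link: https://app.example/reset?token={token}"))
    return token


def reset_vulnerable(email):
    """Flawed flow described above: the token is echoed to whoever asked."""
    if email not in USERS:
        return {"status": "unknown account"}
    token = _issue_token(email)
    # Leak: the requester only had to know the address, not own the mailbox.
    return {"status": "sent", "resetToken": token}


def reset_hardened(email):
    """Intended flow: the token travels only through the user's mailbox."""
    if email in USERS:
        _issue_token(email)
    # Same body whether or not the account exists, and never any token material.
    return {"status": "if the account exists, a reset email has been sent"}


def response_leaks_token(response, email):
    """Regression check: does any response field contain the pending token?"""
    token = TOKENS.get(email)
    return token is not None and any(token in str(v) for v in response.values())
```

A check like `response_leaks_token` belongs in the test suite for the reset endpoint, so that a token reappearing in a response body fails the build.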