Facebook said to fix OAuth-based account hijacking flaw

The vulnerability could have allowed attackers to steal OAuth tokens and access Facebook accounts, a researcher says

By Lucian Constantin, IDG News Service | Security

The researcher claims that he also found other OAuth-related vulnerabilities that affect Facebook, but declined to reveal any information about them because they haven't been fixed yet.

Facebook runs a bug bounty program through which it pays monetary rewards to security researchers who find and responsibly report vulnerabilities affecting the site.

Goldshlager said on Twitter that he has not yet been paid by Facebook for reporting this vulnerability, but noted that his report included multiple vulnerabilities and that he will probably receive the reward after all of them get fixed.

Facebook pays security researchers very well for finding and reporting bugs, Goldshlager said via email. "I can't say how much, but they pay more than any other bug bounty program that I know."
