Chennai Techie finds yet another Instagram bug, rewarded $10,000

The new vulnerability that Laxman Muthiyah found was similar to the one he reported in July and allowed anyone to hack Instagram accounts without the owner's consent.


Facebook has now fixed the vulnerability that Laxman Muthiyah found.


Barely a month after winning $30,000 from Facebook for finding a flaw in Instagram, Chennai-based security researcher Laxman Muthiyah on Monday said he had once more discovered a new account takeover vulnerability in the photo and video-sharing app. He has now won $10,000 as part of the social network's bug bounty program.


The new vulnerability that Mr. Muthiyah found was similar to the one he reported in July and allowed anyone to hack Instagram accounts without the owner's consent.




“Facebook and Instagram security team repaired the problem and rewarded me $10000 as a part of their bounty programme,” Mr. Muthiyah said in a blog post.


He found that the same device ID – the unique identifier used by the Instagram server to validate password reset codes – can be used to request passcodes for multiple different users.


He showed that this vulnerability could be exploited to hack Instagram accounts.


“You identified too few protections on a recovery endpoint, permitting an assailant to generate various valid nonces to then attempt recovery,” Facebook said in a letter.
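The kind of protection a recovery endpoint needs against the behaviour described above, as an added example that is not Instagram's or Mr. Muthiyah's code: a hypothetical `RecoveryService` that caps how many different accounts one device ID may request codes for, binds each code to the device it was issued to, and limits guesses per code. The class, its method names and all limit values are assumptions made for illustration.

```python
import hmac
import secrets
import time
from collections import defaultdict

# Assumed policy values for illustration; not Instagram's real limits.
MAX_ACCOUNTS_PER_DEVICE = 3   # distinct accounts one device ID may target per window
MAX_VERIFY_ATTEMPTS = 5       # guesses allowed against one issued code
WINDOW_SECONDS = 3600
CODE_TTL_SECONDS = 600


class RecoveryService:
    """Hypothetical password-reset code issuer keyed on a client device ID."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}                           # account -> [code, device_id, expiry, attempts_left]
        self._device_targets = defaultdict(dict)   # device_id -> {account: last request time}

    def request_code(self, device_id, account):
        """Issue a 6-digit code, or return None if the device ID fans out too widely."""
        now = self._clock()
        targets = self._device_targets[device_id]
        for acct in [a for a, seen in targets.items() if now - seen > WINDOW_SECONDS]:
            del targets[acct]                      # forget requests outside the window
        if account not in targets and len(targets) >= MAX_ACCOUNTS_PER_DEVICE:
            return None                            # same device ID, too many different users
        targets[account] = now
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[account] = [code, device_id, now + CODE_TTL_SECONDS, MAX_VERIFY_ATTEMPTS]
        return code

    def verify_code(self, device_id, account, guess):
        """Accept a code only from the device it was issued to, within TTL and attempt budget."""
        entry = self._codes.get(account)
        if entry is None:
            return False
        code, issued_to, expiry, _ = entry
        if self._clock() > expiry:
            del self._codes[account]
            return False
        entry[3] -= 1                              # every try counts, whichever device sent it
        ok = issued_to == device_id and hmac.compare_digest(code.encode(), str(guess).encode())
        if ok or entry[3] == 0:
            del self._codes[account]               # single use; burn the code when guesses run out
        return ok
```

A production endpoint would also cap how often codes can be re-requested for the same account, since each fresh code restarts the guess budget.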
