Meta has swiftly addressed a critical vulnerability within Facebook’s system, preventing potential exploitation by attackers to gain control over user accounts. The flaw, as identified by Nepalese researcher Samip Aryal, pertained to a rate-limiting issue within a specific endpoint of Facebook’s password reset flow.
Aryal’s discovery revealed that attackers could exploit this vulnerability to take over any Facebook account by brute-forcing a particular type of nonce. This flaw in the password reset procedure, specifically when users opt for the “Send Code via Facebook Notification” option, posed a significant security risk.
Meta, acknowledging the severity of the issue, promptly rewarded Aryal and his team for their discovery through Facebook’s bug bounty program. The researchers’ findings shed light on the vulnerabilities present in Facebook’s system, emphasizing the importance of robust security measures in safeguarding user data.
Further analysis by the researchers uncovered three critical conditions that paved the way for a brute-force attack. These conditions included the extended duration of the active nonce, consistent issuance of the same nonce code, and the absence of code invalidation after multiple unsuccessful attempts.
Upon selecting the “Send Code via Facebook Notification” option, a POST request is triggered to the vulnerable endpoint. Subsequently, researchers attempted to send a 6-digit code ‘000000’ to analyze the POST request sent to the vulnerable endpoint, revealing potential avenues for exploitation.
Meta’s swift response to addressing this vulnerability underscores its commitment to ensuring the security and privacy of its users. By promptly addressing and rectifying such vulnerabilities, Meta aims to maintain trust and confidence in its platform among its vast user base.
