Simple bug, mega impact! #snapchat #hackerone #cybersecurity #techtok #bugbounty #authorization

Snapchat recently disclosed a critical vulnerability that a diligent security researcher discovered and reported a year ago. This bug earned the researcher a handsome reward of $25,000. Let's break down the issue step-by-step.

The One-Tap Password Flow

The vulnerability was found in Snapchat's one-tap password flow, which is initiated via a specific URL. This URL logs the user out of their account and provides a key to log back in. The process relies on a unique user ID tied to each account.

The Exploit

The security researcher experimented by substituting the user ID in the URL with one from a different account he owned. To his surprise, it worked; he was able to retrieve the key for that other account. This indicated a significant oversight in Snapchat's security measures—they had neglected to include a check ensuring that users could only use this URL with their own user ID.
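
The missing check, shown as an added example (not Snapchat's code, which is not public): a handler that trusts the user ID from the URL, next to one that issues the key only for the account the session belongs to. The session store, ID format, key derivation and function names are all hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: session token -> account that session belongs to.
SESSIONS = {"sess-alice": "uid-1001", "sess-bob": "uid-2002"}
SERVER_SECRET = secrets.token_bytes(32)  # per-process secret for this demo
DENIED = []  # (session_user, requested_user) pairs, kept for alerting


def login_key(user_id: str) -> str:
    """Hypothetical stand-in for the key that logs a client back in."""
    return hmac.new(SERVER_SECRET, user_id.encode(), hashlib.sha256).hexdigest()


def one_tap_unchecked(session_token: str, requested_user_id: str) -> str:
    """The flaw as described: the ID taken from the URL is trusted as-is."""
    if session_token not in SESSIONS:
        raise PermissionError("not authenticated")
    return login_key(requested_user_id)  # no ownership check


def one_tap_checked(session_token: str, requested_user_id: str) -> str:
    """Fixed form: a key is issued only for the session's own account."""
    session_user = SESSIONS.get(session_token)
    if session_user is None:
        raise PermissionError("not authenticated")
    if requested_user_id != session_user:
        # A mismatch is worth recording: it is either a client bug or probing.
        DENIED.append((session_user, requested_user_id))
        raise PermissionError("user ID does not match session")
    return login_key(session_user)  # derived from the session, not the URL


if __name__ == "__main__":
    # Alice's session asks for Bob's key: the unchecked handler hands it over.
    print(one_tap_unchecked("sess-alice", "uid-2002") == login_key("uid-2002"))
    try:
        one_tap_checked("sess-alice", "uid-2002")
    except PermissionError as exc:
        print("rejected:", exc, DENIED)
```
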

Escalating the Issue

The issue was compounded by the fact that obtaining a user's ID is relatively simple. By sending a friend request, anyone could obtain the user ID of almost any Snapchat user. Combining these factors, the researcher could potentially log in as any user on Snapchat.

Immediate Fix and Recognition

Recognizing the severity of the issue, Snapchat swiftly corrected the flaw. Fortunately, no malicious exploitation of this vulnerability was reported before the fix. It's a relief to finally have this critical information disclosed, and congratulations are in order for the researcher who reported this vulnerability and earned $25,000 for their efforts.


Keywords

  • Snapchat
  • Vulnerability
  • Security researcher
  • One-tap password flow
  • User ID
  • Bug bounty
  • Authorization check
  • Friend request

FAQ

Q: What was the nature of the vulnerability in Snapchat?
A: The vulnerability was in the one-tap password flow, where a URL lacked the check needed to ensure that the user ID it carried belonged to the person using it. This oversight could have allowed an attacker to log in as other users.

Q: How could one exploit this vulnerability?
A: By substituting their own user ID with another user's ID in the one-tap password flow URL, hackers could retrieve login keys for any account.

Q: How could a hacker obtain another user's ID?
A: A user ID could be obtained by sending a friend request to the target user.

Q: What was Snapchat's response to discovering the vulnerability?
A: Snapchat immediately fixed the vulnerability, closing off exploitation by this method.

Q: What recognition did the security researcher receive?
A: The researcher was awarded $25,000 for reporting the vulnerability.