{"id":891,"date":"2024-03-01T10:46:56","date_gmt":"2024-03-01T08:46:56","guid":{"rendered":"https:\/\/techlance.ddns.net\/?p=891"},"modified":"2024-03-01T10:47:06","modified_gmt":"2024-03-01T08:47:06","slug":"facebook-virhe-olisi-voinut-antaa-hyokkaajalle-mahdollisuuden-ottaa-haltuunsa-tileja","status":"publish","type":"post","link":"https:\/\/techlance.ddns.net\/en\/facebook-virhe-olisi-voinut-antaa-hyokkaajalle-mahdollisuuden-ottaa-haltuunsa-tileja\/","title":{"rendered":"Facebook bug could have allowed an attacker to take over accounts"},"content":{"rendered":"<p>A vulnerability in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything.<\/p>\n\n\n\n<p>The bug was found by a bounty hunter from Nepal named Samip Aryal, and Facebook has now fixed it.<\/p>\n\n\n\n<p>In his search for an account takeover vulnerability, Aryal, a four-time Meta Whitehat award recipient, started by looking at the uninstall and reinstall process on Android. Using several different user agents, he encountered an interesting response in the password reset flow.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/02\/facebook-bug-could-have-allowed-attacker-to-take-over-accounts\">https:\/\/www.malwarebytes.com\/blog\/news\/2024\/02\/facebook-bug-could-have-allowed-attacker-to-take-over-accounts<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>A vulnerability in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything. The bug was found by a Nepalese [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[15],"class_list":["post-891","post","type-post","status-publish","format-standard","hentry","category-security","tag-tietoturva"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/comments?post=891"}],"version-history":[{"count":0,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/891\/revisions"}],"wp:attachment":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/media?parent=891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/categories?post=891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/tags?post=891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}