Major Security Flaw Facebook Refused to Correct

Security researcher Egor Homakov, owner of the security company Sakurity, informed Facebook a year ago about a vulnerability that could allow hackers to take over Facebook pages.

Facebook refused to correct it, on the grounds that the patch would have broken compatibility with a large number of sites using this service, so Homakov posted a tool on the site Reconnect that exploits the vulnerability and helps hijack the accounts, according to Marc Sparks.

The flaw does not work directly on the Facebook login page. The vulnerability lies in third-party account connections, and it makes it easier for attackers to access the account through third-party websites such as Bit.ly, About.me, StumbleUpon, Angel.co, Mashable and Vimeo.

“It’s a situation that we understand,” said the social network in a statement sent by email. “Web developers who use Facebook Login can avoid the problem by following our best practices and using the state parameter we provide for OAuth Login.”

Facebook also said that the social network had “made several changes to prevent Cross-site Request Forgery (CSRF) connections” and they were studying “alternatives that preserve the Facebook Login functionality implemented by a large number of sites.”
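The state parameter Facebook refers to is the relying party's CSRF defence for the login callback: the site binds an unguessable value to the visitor's own session before redirecting to the provider and refuses any callback that does not carry it back. As an added example (not code from the article, from Sakurity or from Facebook, with assumed endpoint and function names), the Python below shows a callback handler that accepts any returned code beside one that enforces the state check.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder authorization endpoint; a real relying party uses the provider's documented URL.
AUTHORIZE_URL = "https://provider.example/oauth/authorize"


def begin_login(session: dict, client_id: str, redirect_uri: str) -> str:
    """Build the authorization URL and bind a fresh, unguessable state to this session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # stored server-side, keyed to the visitor's cookie
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "response_type": "code", "state": state})
    return f"{AUTHORIZE_URL}?{query}"


def finish_login_unchecked(session: dict, callback_url: str) -> Optional[str]:
    """Vulnerable pattern: any code delivered to the callback is accepted, so a code the
    attacker obtained for their own provider account can be forced into the victim's session."""
    params = parse_qs(urlparse(callback_url).query)
    return params.get("code", [None])[0]


def finish_login(session: dict, callback_url: str) -> Optional[str]:
    """Hardened pattern: return the code only if the callback carries the state this
    session issued; the state is single-use and compared in constant time."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # consumed whether or not the check passes
    received = params.get("state", [None])[0]
    code = params.get("code", [None])[0]
    if expected is None or received is None or code is None:
        return None  # no state issued, or callback without state/code: reject
    if not hmac.compare_digest(expected, received):
        return None  # state does not match this session: treat as login CSRF
    return code
```

A callback that arrives without a session-issued state, or with someone else's, is the signature of the login CSRF described above and is worth logging as such.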

1 Comment on "Major Security Flaw Facebook Refused to Correct"

  1. Facebook has attempted to make the imperfection harder to misuse for programmers, in a way that does not expel the component, and they gave some counsel to site engineers. That is a certain way for them to know if ninjaessays is good, another expression that may be used, and it is more likely they are getting ahead of themselves in this regard, and it also makes them do more than they can, which may not be far from the truth in any way.
