Technology
Grindr flaw allowed hijacking accounts with just an email address – Yahoo Finance Australia
A Grindr vulnerability allowed anyone who knows a user’s email address to easily reset their password and hijack their account. A French security researcher na…
A Grindr vulnerability allowed anyone who knows a users email address to easily reset their password and hijack their account. All a bad actor needed to do was type in a users email address in the password reset page and then pop open the dev tools to get the reset token. By adding that token to the end of the password reset URL, they wont even need to access the victims inbox thats the exact link sent to the users email anyway. It loads the page where they can input a new password, giving them …
Continue Reading
