Password Reset Flaw Found in Facebook's Employee Secure File Transfer Service

Security researcher Nir Goldshlager is the one who identified the vulnerability

By Eduard Kovacs on January 7th, 2013 16:00 GMT

Security researcher Nir Goldshlager has identified a flaw in the Secure File Transfer service used by Facebook employees, which allowed him to reset the password of any account.

Accellion, the provider of the file transfer service, had removed the registration page to prevent unauthorized users from creating accounts. However, Goldshlager discovered that the registration page could still be accessed by someone who knew its location.

After creating an account and downloading the Accellion application, he attempted to reverse engineer the source code files, but since they were properly encrypted, he pursued a different attack vector.

He identified a “referer” parameter in the cookie used by a file called wmPassupdate.html – utilized by the application to recover forgotten passwords.

By changing the values of this parameter, he could set the password of any account to an arbitrary one.

After being notified by the expert, both Facebook and Accellion addressed the security holes. To see the details of the vulnerability, check out the video proof-of-concept published by Goldshlager.
Password Reset Flaw Found in Facebook's Employee Secure File Transfer Service – Video
Click to play video
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

1 Comment