Facebook exposed a security vulnerability that can be brute-forced to bypass two-factor authentication

Security researchers from Nepal recently discovered a new vulnerability in the login system of Meta's Facebook, Instagram and other applications, allowing anyone to bypass Facebook's two-factor authentication.

"Anyone can exploit this vulnerability to bypass SMS-based two-factor authentication if they know the recipient's phone number," researcher Gtm Mänôz told TechCrunch.

Mänôz said the vulnerability existed in Meta Group's unified login system, where Meta did not set an attempt limit when users entered the two-factor code used to log into their accounts.

This means that all an attacker needs to know is the target's phone number or email address, and they can brute force the two-factor SMS code. Once the attacker obtains the correct verification code, the attacker can then launch subsequent attacks.

It is understood that even after the attacker successfully attacks, Meta will remind the user that the account has been linked to someone else's account, so two-factor authentication is disabled.

Mänôz reported the bug to the company last year, and Meta has now fixed the vulnerability. Meta eventually paid him $27,200 (currently about 184,000 RMB) for his discovery.

DogYun (Dog Cloud) Spring Festival dynamic cloud 30% off, classic cloud 20% off, top up 100 yuan to get 10 yuan, Hong Kong VPS annual payment starts from 199 yuan

Blog

Facebook exposed a security vulnerability that can be brute-forced to bypass two-factor authentication

Why is the 5G signal weak and the network keeps dropping? Here is the truth

my country's broadband users reach 510 million: 100M rate reaches 91.5% and Gigabit users exceed 14 million

Why is CDN designed this way?

Sharktech: $59/month 1Gbps unlimited traffic server, E3-1270v2/16GB/500G SSD/Los Angeles high defense

DogYun (Dog Cloud) Spring Festival dynamic cloud 30% off, classic cloud 20% off, top up 100 yuan to get 10 yuan, Hong Kong VPS annual payment starts from 199 yuan

Network | How to design a billion-level API gateway?

Cloud computing, IoT and SDN pose the biggest challenges to enterprise networks

What does Wi-Fi 6 and 5G convergence look like?

The network is too slow to get a subscription?! A hardcore comparison tells you which is faster, 5G or Wi-Fi 6!

Interesting explanation of bearer: PTN and IPRAN in one article

Recommend

7 things you need to know to successfully deploy AIOps

RackNerd New Year promotion starts at $10.99/year, 8 data centers available in San Jose, Los Angeles, etc.

A white-label vendor's perspective: The evolution of minimalist switch NOS

Friendhosting Christmas/New Year promotion, 40% off all VPS hosts, unlimited traffic in multiple computer rooms

The role of fiber in integrated infrastructure development

The Internet of Identity is coming, and IAM will undergo a major change

How to cultivate talents needed for ecological collaboration? Huawei's talent ecosystem indicates that AI talents are the key training targets

Operators' operating data in April: 5G package users increased by 21.16 million, totaling about 870 million

Thousands of face photos can be bought for 2 yuan! CCTV reveals the black market of AI! The truth is far more than this

Wi-Fi in an IoT World

【Funny story】An attack launched by a network cable

ExtraVM: 1Gbps unlimited traffic VPS starting from $5 per month, in data centers such as Los Angeles/Dallas/Netherlands/Japan/Singapore

Four questions about 5G: Internet speed is 100 times faster and everything is connected

[Black Friday] AlphaVPS: AMD Ryzen series from €15.99/year, large hard drive VPS from €19.99/year, Los Angeles/Germany/Bulgaria data centers

Using machine learning to disrupt the traditional experience of the Tour de France is not the only ambition of Dimension Data!