Security researchers have identified a critical account takeover vulnerability in the gay dating app Grindr which could have exposed users to blackmail and identity theft.
The app is said to have around 27 million users globally and stores highly sensitive information in users' accounts, including messages with other users, photos, sexual orientation and HIV status.
That is one of the reasons its ownership by Chinese firm Kunlun was deemed a national security risk and a forced sale to a US firm ensued.
Security expert Troy Hunt identified the Grindr flaw after being tipped off by researcher Wassime Bouimadaghene, who had not received a response from its parent company.
After taking a look, he found that when a user requests a password reset, Grindr sends the reset token back to their browser in the HTTP response.
This means an attacker who knows the email address a particular user registered with could hijack that user's account simply by copying the token from the response and pasting it into a password reset URL.
Once the app's password had been reset, Hunt was also able to access the same account on the website version.
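The defect described above is a server-side one: the reset endpoint builds a token that should only ever travel to the account holder's mailbox, then also writes it into the response to an unauthenticated request. The following is an added illustration, not Grindr's code or Hunt's, showing that pattern beside a hardened version. The user table, token table and mailer are constructed in-memory stand-ins; the function and variable names are hypothetical.

```python
import hashlib
import secrets
import time

# Constructed in-memory stand-ins for a user table, a reset-token table and an
# outbound mailer. Added example; none of this is the app's real code.
USERS = {"alice@example.com": {"password_hash": hashlib.sha256(b"old-pass").hexdigest()}}
RESET_TOKENS = {}   # sha256(token) -> (email, expiry as unix time)
OUTBOX = []         # messages the stand-in mailer "sent"
TOKEN_TTL_SECONDS = 15 * 60
LEAKY_KEYS = {"token", "reset_token", "otp", "code"}


def _token_hash(token):
    # Store only a hash of the token so a read of the table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def _issue_token(email):
    # 256 bits of randomness, short lifetime, delivered only to the mailbox.
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[_token_hash(token)] = (email, time.time() + TOKEN_TTL_SECONDS)
    OUTBOX.append({"to": email, "token": token})   # real code would email a reset link
    return token


def vulnerable_request_reset(email):
    """The flaw the article describes: the token meant for the mailbox is also
    echoed in the HTTP response to an anonymous request, so anyone who knows
    the email address can read it without access to that mailbox."""
    token = _issue_token(email)
    return {"status": 200, "body": {"message": "reset email sent", "token": token}}


def hardened_request_reset(email):
    """The token leaves only via the mailbox. The response is identical whether
    or not the address is registered, so it reveals neither the token nor
    whether an account exists."""
    if email in USERS:
        _issue_token(email)
    return {"status": 200,
            "body": {"message": "If that address is registered, a reset link has been sent."}}


def redeem_token(token, new_password):
    """Consume a token: it must exist, be unexpired, and is deleted on first use."""
    entry = RESET_TOKENS.pop(_token_hash(token), None)
    if entry is None:
        return False
    email, expiry = entry
    if time.time() > expiry or email not in USERS:
        return False
    # A real deployment would use a password hash such as argon2 or bcrypt here.
    USERS[email]["password_hash"] = hashlib.sha256(new_password.encode()).hexdigest()
    return True


def response_leaks_secret(response):
    """Cheap check for a test suite: does an unauthenticated response body
    carry a field that should only ever be delivered out of band?"""
    return any(key in LEAKY_KEYS for key in response["body"])
```

The `response_leaks_secret` check is the kind of assertion worth keeping in the integration tests for any password-reset, OTP or magic-link endpoint: it fails the build if someone later adds a "helpful" debug field that puts the secret back into the response.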
"This is one of the most basic account takeover techniques I've seen," he argued.
"I can't fathom why the reset token — which should be a secret key — is returned in the response body of an anonymously issued request. The ease of exploit is unbelievably low and the impact is obviously significant, so clearly this is something to be taken seriously."
Hunt also found Grindr's vulnerability management response and triage to be found wanting, although once he finally got through to the firm's security team the issue was mitigated within the hour.
Grindr said in response that it will be launching a new bug bounty program going forward, and is partnering with a "leading security firm" to make it easier for researchers to report issues they find with the app.