Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Security

A Security Flaw In Grindr Let Anyone Easily Hijack User Accounts (techcrunch.com) 11

Grindr, one of the world's largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security vulnerability that allowed anyone to hijack and take control of any user's account using only their email address. TechCrunch reports: Wassime Bouimadaghene, a French security researcher, found the vulnerability and reported the issue to Grindr. When he didn't hear back, Bouimadaghene shared details of the vulnerability with security expert Troy Hunt to help. The vulnerability was fixed a short time later. Bouimadaghene found the vulnerability in how the app handles account password resets.

To reset a password, Grindr sends the user an email with a clickable link containing an account password reset token. Once clicked, the user can change their password and is allowed back into their account. But Bouimadaghene found that Grindr's password reset page was leaking password reset tokens to the browser. That meant anyone could trigger the password reset who had knowledge of a user's registered email address, and collect the password reset token from the browser if they knew where to look.

The clickable link that Grindr generates for a password reset is formatted the same way, meaning a malicious user could easily craft their own clickable password reset link -- the same link that was sent to the user's inbox -- using the leaked password reset token from the browser. With that crafted link, the malicious user can reset the account owner's password and gain access to their account and the personal data stored within, including account photos, messages, sexual orientation and HIV status and last test date.

This discussion has been archived. No new comments can be posted.

A Security Flaw In Grindr Let Anyone Easily Hijack User Accounts

Comments Filter:
  • by memory_register ( 6248354 ) on Friday October 02, 2020 @06:09PM (#60566486)
    Backdoor caused by leakage on Grindr? Can we name it the Santorum bug, pretty please?
    • The people using this site are looking to get backdoored, so what's the problem here?

      "That's not a bug, it's a feature!"

      "Got what I came here for. Would come again. A++"

    • by bosef1 ( 208943 )

      I guess the Grindr IT team will have to take a long, hard look at their source code, and ensure there aren't even any pinholes in their data protection (perhaps by some automatic electronic mechanism). It sounds like they may also want to explore some third-party penetration testing with a trusted partner. As much as it makes it harder on the other users of the system, we all know security is one of the areas to be anal about, as even one leak can cause a permanent stain on one's reputation.

  • Comment removed based on user account deletion
    • Comment removed based on user account deletion
    • *Hope* this type leakage isn't to common in ,more, sites. (also SlashDot) Have tried it and get a box with old password already filled in but did not find that box info with 'view page source'. So i'm not sure if it is leaked or it got that info from the local password manager.
  • They should stick to master Bingo. It's like regular Bingo, but you play with yourself.
  • How come this reset token is available in the frontend of an application? I can't figure out any scenario where it makes sense or even helps cut corners.

    I guess the full-stack-devops-l33t-k00l-kid who implemented this also does all input validation in the frontend.

You know you've landed gear-up when it takes full power to taxi.

Working...