We all know that software vulnerabilities are plaguing applications on every platform. However, things become more serious when we are talking about sensitive applications like Grindr. A French security researcher named Wassime Bouimadaghene found a serious vulnerability in the dating app that could allow hackers to easily hijack accounts using victims’ email addresses. The Frenchman then approached two other security researchers to shed light on the issue. Grindr’s own security team got involved only after one of them (Troy Hunt) posted about the problem on Twitter.
The vulnerability lies in the “Forgot Password” flow. Attackers just need to enter the victim’s email address and then open the browser’s developer console, where the password reset token is exposed. Equipped with it, they can easily change the password and hijack the account. One of the security researchers called the issue “one of the most basic account takeover techniques.”
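The flaw described above comes down to a reset secret being returned to whoever asks for it instead of only to the owner of the mailbox. The following is an added example, not Grindr's code: it puts that pattern beside a hardened handler, and the function names, the `resetToken` field and the in-memory stores are all constructed for illustration.

```python
import hashlib
import secrets
import time

# Constructed stand-ins for a user table, a token store and an outgoing mail queue.
USERS = {"alice@example.com"}
RESET_TOKENS = {}   # sha256(token) -> (email, expiry); the raw token is never stored
OUTBOX = []         # (recipient, token) pairs handed to the mail system
TOKEN_TTL = 900     # seconds a reset token stays valid (assumed value)

def _digest(value):
    return hashlib.sha256(str(value).encode()).hexdigest()

def _issue_token(email):
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[_digest(token)] = (email, time.time() + TOKEN_TTL)
    return token

def forgot_password_vulnerable(email):
    """Flawed pattern: the reset token is echoed back in the response body."""
    if email not in USERS:
        return {"status": "unknown_account"}
    return {"status": "ok", "resetToken": _issue_token(email)}

def forgot_password_hardened(email):
    """The token leaves the server only by e-mail; the response is always the same."""
    if email in USERS:
        OUTBOX.append((email, _issue_token(email)))
    return {"status": "ok"}

def redeem_token(token):
    """Single-use redemption: returns the account e-mail, or None if invalid or expired."""
    entry = RESET_TOKENS.pop(_digest(token), None)
    if entry is None or entry[1] < time.time():
        return None
    return entry[0]

def response_leaks_secret(response):
    """Regression check: no live reset token may appear in a client-visible response."""
    return any(_digest(v) in RESET_TOKENS for v in response.values())
```

A check like `response_leaks_secret` belongs in the API's test suite, so that a later change that puts the token back into a response fails the build.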
“We are grateful to the researcher who identified the vulnerability. The reported issue has been resolved. Thankfully, we believe we considered this issue before it was exploited by any malicious parties. As part of our commitment to improving the safety and security of our services, we are partnering with a leading security company to simplify and improve the ability of security researchers to report such issues. In addition, we’ll be announcing a new Bug Bounty program soon to provide additional incentives to help researchers keep their service safe,” Grindr’s chief operating officer Rick Marini told TechCrunch.