In association with heise online

12 April 2011, 14:56

Facebook closes security hole


Facebook has eliminated a bug in the social networking service's password reset functionality which could have been used to reveal the passwords of a small number of users who also use Hotmail. Serkan Gencel, a Turkish security researcher, told CNET that, where a user used their Hotmail email address for their Facebook account, it was possible for a third party to reset their password. No details of how the vulnerability worked were given.

Gencel first informed Facebook of the vulnerability before taking the story to the media. According to CNET, Facebook has now confirmed the vulnerability and closed the hole quickly. In a statement, Facebook thanked the researcher for adopting a responsible disclosure policy and not placing the public at risk.

