Home » Technology » Identifies a bug in the Account Center that allows you to disable Facebook’s two-factor authentication

Identifies a bug in the Account Center that allows you to disable Facebook’s two-factor authentication

MADRID, 31 Ene. (Portaltic/EP) –

A flaw in the Meta Account Center, which combines the management of the accounts of the two social networks of the company, has allowed malicious actors to disable two-factor authentication on Facebook for a user just by knowing their phone number.

Cybersecurity researcher Gtm Mänôz found that Meta had not established a limited number of attempts to access the account with the two-factor authentication via SMS activated within the new interface for the Account Center.

Due to this ruling, an attacker could, if he knew the victim’s phone number, link it to your own account as part of the two-factor system. When trying to confirm the change, a six-digit code sent to the mobile is requested, which the attacker does not know at the moment.

Nevertheless, with no limit on attempts, you can initiate a brute force attack, try to enter as many six-digit combinations as you can until you find the one that allows you to access. At that point, what happens is that the victim’s phone number has been successfully linked to the attacker’s account.

The victim, for his part, will receive a notification indicating that your phone number has been unlinked from your account, as it is part of someone else’s two-factor authentication system. Due, will have two-factor authentication disabled, This will make you more vulnerable to attacks trying to access your account.

Mänôz identified this flaw last year, as he explains in his blog a Medium. On September 14, he sent the corresponding report to Meta and after requesting the researcher’s help to reproduce it, a few days later the technology company managed to eliminate it, although it was not until October 17 that it finally solved it.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.