This blog post will summarize the bug which I found in Facebook and reported.
The following was done accidentally when I decided to change my mobile from a Nokia 520 to a Moto G3.
Summary: A single Facebook account is available on two different devices (mobile and desktop) with two different passwords at the same time.
Steps to reproduce:
1. Open your account on desktop (save the password while logging in)
Account used: Boopathi Guganathan
2. Download the Facebook app on any mobile (mobile used: Nokia 520, Windows) and log in to the Facebook app (the Facebook app does not ask for the password every time you open it on mobile)
3. Now on desktop, try to change the password for the test account (password successfully changed)
4. Log in with the new password on desktop
Now here is what stunned me.
The same account is usable on two devices: mobile (with the old password) and desktop (with the new password).
Now I have 3 questions here:
1. What if I sell my mobile without uninstalling the Facebook app?
Is this a Security vulnerability?
2. Should I get any notification while installing Facebook on the new phone?
3. Should the Facebook app on the old phone be deactivated? But how?
I have unanswered questions
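
The behaviour in the steps above comes down to whether a password change invalidates sessions that were opened with the old password. The following is an added example, not code from this post or from Facebook: a toy in-memory model (all names hypothetical, sample credentials constructed) comparing a service that leaves existing sessions alive with one that bumps a per-account session epoch on password change, so the old phone is logged out.

```python
import hashlib
import hmac
import secrets

class AccountStore:
    """Toy in-memory auth service (hypothetical, for illustration only)."""

    def __init__(self, revoke_on_password_change):
        self.revoke_on_password_change = revoke_on_password_change
        self.accounts = {}   # user -> {"salt", "pw_hash", "epoch"}
        self.sessions = {}   # token -> (user, account epoch at login)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.accounts[user] = {"salt": salt, "pw_hash": self._hash(password, salt), "epoch": 0}

    def login(self, user, password):
        acct = self.accounts[user]
        if not hmac.compare_digest(acct["pw_hash"], self._hash(password, acct["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, acct["epoch"])
        return token

    def change_password(self, user, new_password, current_token):
        acct = self.accounts[user]
        acct["salt"] = secrets.token_bytes(16)
        acct["pw_hash"] = self._hash(new_password, acct["salt"])
        if self.revoke_on_password_change:
            acct["epoch"] += 1  # every session issued before this is now stale
            # Re-stamp only the session that performed the change.
            self.sessions[current_token] = (user, acct["epoch"])

    def is_valid(self, token):
        entry = self.sessions.get(token)
        return entry is not None and entry[1] == self.accounts[entry[0]]["epoch"]

def old_phone_still_logged_in(revoke_on_password_change):
    """Replay the post's steps; returns (desktop_valid, phone_valid)."""
    svc = AccountStore(revoke_on_password_change)
    svc.register("test-user", "old-password")        # constructed sample data
    desktop = svc.login("test-user", "old-password")
    phone = svc.login("test-user", "old-password")   # app keeps this token
    svc.change_password("test-user", "new-password", desktop)
    return svc.is_valid(desktop), svc.is_valid(phone)
```

With `revoke_on_password_change=False` the phone's session survives the password change, as in the steps above; with `True` only the desktop session that made the change stays valid.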
I suggest that readers try out the above issue on different mobile phones and let me know in the comments.
The issue was actually reported some months back to Facebook, and here is the reply that I got.
For any bugs to be reported to Facebook, please find information in the following link.
Have a nice weekend.