Me and my Bug

This blog post summarizes the bug which I found in Facebook and reported.
The following was done accidentally when I decided to change my mobile from a Nokia 520 to a Moto G3.

Summary: A single Facebook account is available on two different devices (mobile and desktop) with two different passwords at the same time.

Steps to reproduce:
1. Open your account on the desktop (save the password while logging in).
Account used: Boopathi Guganathan

2. Download the Facebook app on any mobile (mobile used: Nokia 520, Windows) and log in to the Facebook app. (The Facebook app does not ask for the password every time you open it on mobile.)

3. Now on the desktop, try to change the password for the test account (password successfully changed).

4. Log in with the new password on the desktop.

Observation:
Now here is what stunned me.
The same account is usable on two devices: mobile (with the old password) and desktop (with the new password).
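The observation above can be modelled with a small token-based auth service. This is an added example, not code from the original post and not Facebook's implementation: `AuthService`, `replay_steps` and the credentials are hypothetical, and it assumes the app stores a session token issued at login rather than the password itself. It replays steps 1 to 3 with and without revoking other sessions on password change.

```python
import hashlib, os, secrets

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthService:
    """Hypothetical in-memory auth service, not Facebook's implementation."""

    def __init__(self, revoke_on_change):
        self.revoke_on_change = revoke_on_change
        self.creds = {}      # user -> (salt, password digest)
        self.sessions = {}   # session token -> user

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.creds[user] = (salt, _digest(password, salt))

    def login(self, user, password):
        if user not in self.creds:
            return None
        salt, stored = self.creds[user]
        if not secrets.compare_digest(stored, _digest(password, salt)):
            return None
        token = secrets.token_urlsafe(32)   # what the app saves instead of the password
        self.sessions[token] = user
        return token

    def is_valid(self, token):
        return token in self.sessions

    def change_password(self, token, new_password):
        user = self.sessions[token]
        self.set_password(user, new_password)
        if self.revoke_on_change:
            # Drop every other session of this user; keep the one making the change.
            self.sessions = {t: u for t, u in self.sessions.items()
                             if u != user or t == token}

def replay_steps(revoke_on_change):
    """Steps 1-3 of the post, then check each device.
    Returns (desktop_ok, mobile_ok, old_password_ok)."""
    svc = AuthService(revoke_on_change)
    svc.set_password("test-account", "old-password")      # constructed credentials
    desktop = svc.login("test-account", "old-password")   # step 1
    mobile = svc.login("test-account", "old-password")    # step 2
    svc.change_password(desktop, "new-password")          # step 3
    old_password_ok = svc.login("test-account", "old-password") is not None
    return svc.is_valid(desktop), svc.is_valid(mobile), old_password_ok

if __name__ == "__main__":
    print("no revocation:  ", replay_steps(False))
    print("with revocation:", replay_steps(True))
```

In this model the old password is rejected for any new login in both cases; what keeps the mobile working without revocation is the session token it obtained before the change.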

Now I have 3 questions here:

1. What if I sell my mobile without uninstalling the Facebook app?
Is this a security vulnerability?
2. Should I get any notification while installing Facebook on the new phone?
3. Should the Facebook app on the old phone be deactivated? But how?

I have unanswered questions.

I suggest that readers try out the above issue on different mobile phones and let me know in the comments.

The issue was actually reported some months back to Facebook and here is the reply that I got.

facebook

To report any bugs to Facebook, please find information at the following link.

https://www.facebook.com/BugBounty

Cheers!
Have a Nice Weekend.
