A web application pentester, Nir Goldshlager, has identified a security flaw in Facebook's employee Secure File Transfer service that allowed him to reset the passwords of accounts.
The Secure File Transfer service provider Accellion provides a file-transfer service for Facebook's employees. Accellion had removed the registration page to prevent unauthorized users from creating accounts.
However, the researcher discovered that the registration page could still be accessed by anyone who knew the exact direct location of the registration form.
After creating an account, he began analyzing the service for security flaws and found a critical vulnerability. An HTML file, "wmPassupdate.html", is used for password recovery in Accellion Secure File Transfer.
He found that a referrer parameter in the cookie was encoded with base64. By changing the value of this parameter, he could change the password of any account.
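Base64 is an encoding, not an integrity check, so a server that acts on a decoded client-supplied value is trusting the client to name the account. The added example below (not code from Accellion, Facebook or the researcher) contrasts that pattern with one common mitigation, an HMAC-signed reset token with an expiry; the function names, token layout, key and account names are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a server-side secret that never leaves the server (constructed value).
SERVER_KEY = b"constructed-demo-key"

def naive_account_from_cookie(referrer_b64):
    """Flawed pattern: whatever account the client-supplied value decodes to is trusted."""
    return base64.b64decode(referrer_b64).decode()

def _tag(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def issue_reset_token(account, ttl=900, now=None):
    """Bind the account and an expiry time to an HMAC only the server can compute."""
    issued = time.time() if now is None else now
    payload = f"{account}|{int(issued + ttl)}".encode()
    enc = base64.urlsafe_b64encode
    return enc(payload).decode() + "." + enc(_tag(payload)).decode()

def verify_reset_token(token, now=None):
    """Return the account for an authentic, unexpired token, otherwise None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        account, expires = payload.decode().rsplit("|", 1)
        expires = int(expires)
    except ValueError:  # wrong shape, bad base64, bad UTF-8, non-numeric expiry
        return None
    if not hmac.compare_digest(tag, _tag(payload)):
        return None  # payload was edited or the token was not issued by this server
    current = time.time() if now is None else now
    return account if current <= expires else None

if __name__ == "__main__":
    token = issue_reset_token("alice@example.test")
    print(verify_reset_token(token))  # alice@example.test
    edited = base64.urlsafe_b64encode(b"bob@example.test|9999999999").decode()
    print(verify_reset_token(edited + "." + token.split(".")[1]))  # None
```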
Facebook and Accellion fixed the issue after being notified by the researcher. The researcher also claimed to have reported 20+ different bugs in the Accellion Secure File Transfer service. They fixed all of those bugs.
The POC for the vulnerability: