Twitter patches flaw that let an attacker post from another account


Twitter has patched a vulnerability that allowed an attacker to post tweets from another user's account. The vulnerability was discovered by a security researcher who goes by the name Kedrisch. He received a reward of 7,560 dollars, which is about 6,750 euros.

Kedrisch writes on his own blog that he found the vulnerability as part of a bug bounty program and that it was patched on February 28, two days after its discovery. His method used a part of Twitter that is reachable via ads.twitter.com, where a user can upload media files such as images and videos.

He found that from there the files could either be tweeted or shared with another Twitter user. Investigating the tweet function first, he discovered that certain IDs in an intercepted request could be modified. Applying the same technique to the share function, he was able to make whoever he shared the file with appear as its owner.
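The pattern described above, as an added illustration that is not Twitter's code and not from Kedrisch's write-up: a share handler that takes the owner ID from the client-supplied request, next to a version that derives ownership from the authenticated session and checks it before sharing. The field names `media_id`, `owner_id` and `share_with` and the sample store are assumptions constructed for this example.

```python
# Added example, not Twitter's code. Field names and sample data are assumed.
from dataclasses import dataclass, field


@dataclass
class Media:
    media_id: int
    owner_id: int
    shared_with: set = field(default_factory=set)


def make_store() -> dict:
    """Constructed sample store: user 1 owns media 100; user 2 owns nothing."""
    return {100: Media(media_id=100, owner_id=1)}


def share_vulnerable(store: dict, request: dict) -> Media:
    """Weak form: trusts owner_id from the request body, so anyone who edits
    the intercepted request can assign ownership to the user they share with."""
    media = store[request["media_id"]]
    media.owner_id = request["owner_id"]  # client-controlled, never verified
    media.shared_with.add(request["share_with"])
    return media


def share_hardened(store: dict, session_user: int, request: dict) -> Media:
    """Hardened form: ownership comes from the session, never from the body,
    and the caller must already own the media before it can be shared."""
    media = store.get(request["media_id"])
    if media is None or media.owner_id != session_user:
        raise PermissionError("caller does not own this media")
    media.shared_with.add(request["share_with"])  # owner_id is left untouched
    return media


def demo() -> dict:
    """Run both handlers on the constructed store and report the outcomes."""
    vuln = share_vulnerable(make_store(),
                            {"media_id": 100, "owner_id": 2, "share_with": 2})
    store = make_store()
    try:  # user 2 attempts to share media they do not own
        share_hardened(store, 2, {"media_id": 100, "share_with": 2})
        rejected = False
    except PermissionError:
        rejected = True
    legit = share_hardened(store, 1, {"media_id": 100, "share_with": 2})
    return {"vuln_owner": vuln.owner_id, "attacker_rejected": rejected,
            "legit_owner": legit.owner_id, "legit_shared": 2 in legit.shared_with}


if __name__ == "__main__":
    print(demo())
```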

Twitter reports that a patch was released immediately after triage and that there is no indication that the vulnerability was used by anyone other than the discoverer.
