Monday, December 9, 2024
HomeCVE/vulnerabilityA Facebook Vulnerability that Allows to Reveals the Facebook Page Admin Identity

A Facebook Vulnerability that Allows to Reveals the Facebook Page Admin Identity

Published on

SIEM as a Service

A new facebook vulnerability discovered by the Security researcher that allows revealing the Facebook page admin identity in plain text.

Facebook introduced new future for Page Admins that allows to getting page followers by targeting the specific audience who is liked the page post but not the page.

So if you liked the specific post from any page that you’re actually not following, page notifying you via mail that let you recommend to like the concern page.

- Advertisement - SIEM as a Service

Security Researchers Mohamed, who received the same notification to his inbox and he made an investigation in this regards and find this Vulnerability.

Also Read:  Facebook Vulnerability May Allow an Attacker to Perform Phishing Attack

“He said, One day I liked one of the posts of a specific page but i didn’t liked or followed the page itself after a few days I got an email notification from Facebook regarding an invitation to like the page that i did already liked one of its posts, I was amazed by the feature but i realized that this is a feature to target non-fans and i was wondering what could go wrong since this is a new feature ?”

Since there is no possibility to initiate any attacks, he investigates the Email Notification and he analysis the Mail header by clicking  showing the “Original” of the message (that can be achieved by clicking on the little drop-down menu arrow beside the message reply button)

Finally, he finds the information about the page and the admin of the page and other related information.

Later he reported this bug to the Facebook security team and  Facebook awarded a bug bounty of $2500.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code

SonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access...

Django Security Update, Patch for DoS & SQL Injection Vulnerability

 The Django team has issued critical security updates for versions 5.1.4, 5.0.10, and 4.2.17....

Rockwell Automation Warns of Multiple Code Execution Vulnerabilities in Arena

Rockwell Automation has issued a critical security advisory addressing multiple remote code execution (RCE)...