

Load More

 Trendy Right Now

Home Vulnerabilities Bruteforce password recovery code| Bug Bounty Poc | Bumble.com rewarded $1,000 bounty.

Vulnerabilities

Bruteforce password recovery code| Bug Bounty Poc | Bumble.com rewarded $1,000 bounty.

Nahid HasanTechnology January 20, 2020

Bug Hunter Id: https://hackerone.com/uyga

Summary

It's possible to brute force recovery code from SMS as iOS application doesn't have limits for incorrect inputs. I have tried 50+ different combinations until I reached code from SMS.

Steps To Reproduce

Click "Use another option" on application startup view
Enter your phone number
Click "Forgotten number"
Click "OK" on pop-up window
Bruteforce 4 digits code

PoC video

https://youtu.be/QV80pD0wZsE

Mitigation

Limit quantity of attempts to enter recovery code
Don't store recovery code on target device to compare it with user's input

Details

Devices: Iphone SE (13.2), Iphone 6s (12.4)
App: Bumble (5.140.0)

Impact

Account takeover.

Thank you✌✌✌