Brute-force password recovery code | Bug Bounty PoC | Bumble.com rewarded $1,000 bounty.


Bug Hunter Id: https://hackerone.com/uyga

Summary

It's possible to brute-force the recovery code sent by SMS, as the iOS application doesn't limit incorrect inputs. I tried 50+ different combinations until I reached the code from the SMS.

Steps To Reproduce

  1. Click "Use another option" on the application startup view
  2. Enter your phone number
  3. Click "Forgotten number"
  4. Click "OK" on the pop-up window
  5. Brute-force the 4-digit code

PoC video

Mitigation

  1. Limit the number of attempts to enter the recovery code
  2. Don't store the recovery code on the target device to compare it with the user's input; verify it server-side
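The two mitigations above, carried into working code as an added example (this is not Bumble's code and not the reporter's): the expected code lives only on the server, every guess counts against a small attempt budget, the code expires, and it is consumed on first success. The policy values (5 attempts, 5-minute lifetime, 6 digits) and the class and method names are illustrative choices of mine, not anything the report specifies.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Illustrative policy values (assumptions, not from the report).
MAX_ATTEMPTS = 5          # wrong guesses allowed before the code is burned
CODE_TTL_SECONDS = 300    # a code is only valid for five minutes
CODE_LENGTH = 6           # longer than the 4-digit code the report describes


@dataclass
class PendingCode:
    code: str
    issued_at: float
    attempts: int = 0


class RecoveryCodeService:
    """Server-side store for SMS recovery codes.

    The client never receives the expected code and never does the
    comparison itself; it only submits guesses to verify(). That removes
    the on-device comparison the report describes and lets the server
    enforce an attempt budget.
    """

    def __init__(self, clock=time.time):
        self._pending: dict[str, PendingCode] = {}
        self._clock = clock  # injectable so expiry can be tested offline

    def issue(self, phone: str) -> str:
        # secrets gives an unpredictable code; zero-pad to a fixed width.
        code = str(secrets.randbelow(10 ** CODE_LENGTH)).zfill(CODE_LENGTH)
        self._pending[phone] = PendingCode(code=code, issued_at=self._clock())
        # In production this value goes to the SMS gateway only,
        # never into the API response.
        return code

    def attempts_left(self, phone: str) -> int:
        entry = self._pending.get(phone)
        return 0 if entry is None else MAX_ATTEMPTS - entry.attempts

    def verify(self, phone: str, guess: str) -> bool:
        entry = self._pending.get(phone)
        if entry is None:
            return False  # nothing pending: no code issued, expired, or burned
        if self._clock() - entry.issued_at > CODE_TTL_SECONDS:
            del self._pending[phone]  # expired codes are discarded outright
            return False
        entry.attempts += 1
        # Constant-time comparison; differing lengths simply compare unequal.
        if hmac.compare_digest(entry.code.encode(), guess.encode()):
            del self._pending[phone]  # single use: consumed on success
            return True
        if entry.attempts >= MAX_ATTEMPTS:
            del self._pending[phone]  # budget spent: user must request a new code
        return False


if __name__ == "__main__":
    svc = RecoveryCodeService()
    code = svc.issue("+15550000001")   # constructed sample number
    print("wrong guess accepted:", svc.verify("+15550000001", "000000"))
    print("attempts left:", svc.attempts_left("+15550000001"))
    print("real code accepted:", svc.verify("+15550000001", code))
```

With the budget enforced server-side, a 4-digit code still only buys an attacker 5 guesses out of 10,000 per issued code, and each new code requires a fresh SMS the legitimate phone receives; pairing this with per-phone and per-IP rate limiting on the issue endpoint closes the remaining loop.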

Details

Devices: iPhone SE (iOS 13.2), iPhone 6s (iOS 12.4)
App: Bumble (5.140.0)

Impact

Account takeover.

Thank you✌✌✌
