Imagine running a dating app and being told accounts could be easily hijacked. How did that feel, Grindr?

In brief LGBTQ dating site Grindr has squashed a security bug in its website that could have been trivially exploited to hijack anyone's profile using just the victim's email address.


French bug-finder Wassime Bouimadaghene spotted that when you go to the app's website and attempt to reset an account's password using its email address, the site responds with a page that tells you to check your inbox for a link to reset your login details – and, crucially, that response contained a hidden token.


It turned out that token was the same one in the link emailed to the account owner to reset the password. Thus you could enter someone's account email address into the password reset page, inspect the response, get the leaked token, construct the reset URL from the token, click on it, and you'd get to the page to enter a new password fo ..
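
The flaw described above comes down to one line in a reset handler: the freshly minted token is written into the HTTP response as well as into the e-mail. The following is an added example, not Grindr's code and not taken from the write-up, that models that flow in plain Python with an in-memory user store. The `leak_token` flag, the `example.invalid` reset URL, the 15-minute token lifetime, the SHA-256 password hashing (a stand-in for a real password hash so the snippet stays stdlib-only) and all e-mail addresses are assumptions made for illustration. With the flag on, `hijack_via_leaked_token` walks the exact path in the article: request a reset for the victim's address, read the token out of the response, build the reset URL and set a new password. With the flag off, the same attacker gets nothing, while the legitimate owner can still complete the reset from the link in the outbox, and the token cannot be replayed.

```python
# Added example (not Grindr's code): a minimal password-reset flow modelled on the
# bug described above. The vulnerable build echoes the reset token in the HTTP
# response body; the hardened build only ever sends it to the mailbox.
import hashlib
import secrets
import time

RESET_TTL = 15 * 60  # seconds a reset token stays valid (assumption)
RESET_BASE_URL = "https://example.invalid/reset?token="  # placeholder host (assumption)


def _password_hash(password: str) -> str:
    # Plain SHA-256 stands in for a real password hash (argon2/bcrypt) to stay stdlib-only.
    return hashlib.sha256(password.encode()).hexdigest()


class ResetService:
    """In-memory stand-in for the web app. `leak_token=True` reproduces the bug."""

    def __init__(self, leak_token: bool):
        self.leak_token = leak_token
        self.users = {}    # email -> password hash (constructed sample data)
        self.tokens = {}   # sha256(token) -> (email, expires_at); store a digest, not the token
        self.outbox = []   # (email, reset_url): what the mail server would actually send

    def register(self, email: str, password: str) -> None:
        self.users[email] = _password_hash(password)

    def request_reset(self, email: str) -> dict:
        """POST /password-reset: returns the JSON body the browser receives."""
        body = {"message": "If that address exists, check your inbox for a reset link."}
        if email not in self.users:
            return body  # identical response either way: no account enumeration
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (email, time.time() + RESET_TTL)
        self.outbox.append((email, RESET_BASE_URL + token))
        if self.leak_token:
            body["resetToken"] = token  # BUG: the secret goes to whoever sent the request
        return body

    def complete_reset(self, token: str, new_password: str) -> bool:
        """GET /reset?token=...: consume the token once, reject expired or unknown ones."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # pop: a token is single-use
        if entry is None:
            return False
        email, expires_at = entry
        if time.time() > expires_at:
            return False
        self.register(email, new_password)
        return True


def login(service: ResetService, email: str, password: str) -> bool:
    return service.users.get(email) == _password_hash(password)


def token_from_url(url: str) -> str:
    return url.split("token=", 1)[1]


def hijack_via_leaked_token(service: ResetService, victim_email: str, attacker_password: str) -> bool:
    """The attack path from the write-up: request a reset for the victim, read the token
    out of the response, construct the reset URL, and choose the victim's new password."""
    response = service.request_reset(victim_email)
    token = response.get("resetToken")
    if token is None:
        return False  # hardened build: the response carries nothing usable
    crafted_url = RESET_BASE_URL + token
    return service.complete_reset(token_from_url(crafted_url), attacker_password)


if __name__ == "__main__":
    for leak in (True, False):
        svc = ResetService(leak_token=leak)
        svc.register("victim@example.invalid", "original-pw")
        taken = hijack_via_leaked_token(svc, "victim@example.invalid", "attacker-pw")
        print(f"leak_token={leak}: account hijacked -> {taken}")
```

The two properties worth checking in any reset flow, beyond not echoing the token, are visible in `complete_reset`: the server stores only a digest of the token, so a database read does not yield usable links, and the token is popped on first use and bounded by a TTL, so a link that has already been used or has sat in a mailbox for a day is worthless.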
