Facebook exposed a security vulnerability that can be brute-forced to bypass two-factor authentication

Security researchers from Nepal recently discovered a new vulnerability in the login system of Meta's Facebook, Instagram and other applications, allowing anyone to bypass Facebook's two-factor authentication.

"Anyone can exploit this vulnerability to bypass SMS-based two-factor authentication if they know the recipient's phone number," researcher Gtm Mänôz told TechCrunch.

Mänôz said the vulnerability existed in Meta Group's unified login system, where Meta did not set an attempt limit when users entered the two-factor code used to log into their accounts.

This means that all an attacker needs to know is the target's phone number or email address, and they can brute force the two-factor SMS code. Once the attacker obtains the correct verification code, the attacker can then launch subsequent attacks.

It is understood that even after the attacker successfully attacks, Meta will remind the user that the account has been linked to someone else's account, so two-factor authentication is disabled.

Mänôz reported the bug to the company last year, and Meta has now fixed the vulnerability. Meta eventually paid him $27,200 (currently about 184,000 RMB) for his discovery.

The fourth largest operator is preparing to release numbers, and will become a 5G market leader as soon as it enters the market

Blog

Facebook exposed a security vulnerability that can be brute-forced to bypass two-factor authentication

Bluetooth, WiFi and Zigbee: Which wireless technology is better?

If the TCP protocol is used, will there be no packet loss?

How Wi-Fi 6 and 5G are ushering in a new era of edge connectivity

I heard that the client will disappear within three years.

The fourth largest operator is preparing to release numbers, and will become a 5G market leader as soon as it enters the market

How O-band technology can help overcome implementation barriers from 5G to 6G

Huawei's Hou Jinlong: Grow together with global developers and win together in the new era of computing

Three ways to sign in with single sign-on, awesome!

No-nonsense version: What are the common high-risk ports? Why should you close them?

5 ways to instantly improve WiFi signal and instantly get full WiFi signal, the physics you don’t know

Recommend

Maxthon Hosting: Hong Kong CN2/CN2 High Defense/Korea CN2/Germany/Netherlands CU2VIP/Los Angeles CN2 GIA monthly payment starting from 54 yuan

A first look at the 6G era: frequency band exploration, wide-area coverage, cloud and connectivity

Mobile phone verification codes have become the scapegoat for cybercrime. Let me speak up for telecom operators!

Improving the value of colocation data centers with DCIM

5G and IoT bring big data boom

What are the deployments and arrangements for 5G in 2022? MIIT responds

Linux Network Monitoring Tools

Behind the 13 consecutive fines: When will the operators’ “low-price bidding” stop?

CMIVPS: US VPS monthly payment 60% off, annual payment 50% off, Seattle high-security AS4837 line optimization starting from $4/month

What is a Computer Network Hub?

The United States will cut off China's Internet in a minute? This is a popular science article certified by the Chinese Academy of Sciences

5G will explode with AI, cloud, and edge computing

There are about 180 million users of 5G packages using 4G terminals

Implementing a simple TCP custom protocol based on Kotlin

Three ways to improve WiFi signal