
Facebook said to fix OAuth-based account hijacking flaw

Lucian Constantin | Feb. 25, 2013
The vulnerability could have allowed attackers to steal OAuth tokens and access Facebook accounts, a researcher says

Facebook runs a bug bounty program through which it pays monetary rewards to security researchers who find and responsibly report vulnerabilities affecting the site.

Goldshlager said on Twitter that he has not yet been paid by Facebook for reporting this vulnerability, but noted that his report included multiple vulnerabilities and that he will probably receive the reward after all of them get fixed.

Facebook pays security researchers very well for finding and reporting bugs, Goldshlager said via email. "I can't say how much, but they pay more than any other bug bounty program that I know."

