An Indian developer has been awarded a bounty of $30,000 by Instagram for flagging a bug that could allow any to view archived posts, Stories, Reels and IGTV without following the user — when the profile of the former is private. The Indian developer, Mayur Fartade, detailed the issue in a post on Medium. He said this bug could allow a potential attacker to “to regenerate valid cdn url of archived stories and posts. Also by brute-forcing Media ID’s, the attacker was able to store the details about specific media and later filters which are private and archived.”via ©Times Of India
No comments:
Post a Comment