A major security flaw affecting the dating app Grindr allowed attackers to take over potentially any user's account, provided they knew or guessed the email address associated with it.
The vulnerability enabled a full account takeover using a trivial attack in which the attacker only had to enter a valid email address for the target account.
This has since been resolved, but Hunt noted that the potential for sensitive information to be exposed to attackers was related to the nature of the access.
All the attackers needed to do to launch this attack was to go to the Grindr password reset page, where they would enter the email address of the target account.
After the CAPTCHA is completed on this page, a notification is displayed stating that the password reset link has been emailed to the user.
However, inspecting the response using the browser's developer tools revealed the password reset token, which could be pasted into the reset URL without needing access to the password reset email.
The attacker could then reset the user's password and use the new credentials to log in to the user's Grindr account via the mobile app.
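The class of bug described above, shown as an added example that is not Grindr's code: a reset handler that echoes the token in its response next to a hardened one that delivers it only by email, plus a regression check for the leak. All names here, including the `resetToken` field, the in-memory stores and the sample account, are hypothetical.

```python
import hashlib
import secrets
import time

OUTBOX = []          # stands in for the mail system (constructed)
RESET_TOKENS = {}    # sha256(token) -> (email, expiry); hypothetical store
USERS = {"alice@example.com"}  # constructed sample account
GENERIC = {"message": "If the account exists, a reset link has been emailed."}

def _issue_token(email, ttl=900):
    """Create a random reset token; store only its hash server-side."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, time.time() + ttl)
    OUTBOX.append((email, token))  # the mailbox is the intended delivery channel
    return token

def request_reset_vulnerable(email):
    """The flaw: the token is also returned to whoever made the request."""
    if email not in USERS:
        return {"error": "unknown account"}
    return {"message": "Reset link emailed.", "resetToken": _issue_token(email)}

def request_reset_hardened(email):
    """Same body for every input; the token never appears in the response."""
    if email in USERS:
        _issue_token(email)
    return dict(GENERIC)

def redeem(token):
    """Return the email the token was issued for, or None. Single use."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    email, expiry = RESET_TOKENS.pop(digest, (None, 0))
    return email if email and time.time() < expiry else None

def leaks_token(response):
    """Regression check: does any issued token appear in the response body?"""
    body = repr(response)
    return any(token in body for _, token in OUTBOX)
```

A check like `leaks_token` belongs in the API test suite, so that a serializer change which starts returning the token fails the build.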
The information exposed by this vulnerability includes age, weight, race, HIV status and much more.
A complete takeover of the victim's account by an attacker would also expose personal messages and other sensitive information such as images.
Grindr has fixed this weakness and believes that the issue was resolved before it was exploited by attackers.
“As part of our commitment to improving the security and safety of our services, we are partnering with a leading security firm to simplify and improve the ability of security researchers to report issues like these,” the company told TechCrunch.
“In addition, we’ll be announcing a new Bug Bounty program soon to give researchers more incentives to help us keep our service safe.”