
TikTok fixed a security hole in its Android app that bypassed two-factor authentication [Video]

From 9to5google.com



A vulnerability has just been disclosed in the TikTok app for Android, as well as TikTok on the web, that made it relatively easy to bypass two-factor authentication entirely.

Uncovered by Lu3ky-13 on HackerOne, TikTok’s Android app had a gaping security hole that allowed users to bypass two-factor authentication without any special tools or methods. The technique simply brute-forces the login page, logging in over and over until, eventually, the two-factor authentication page is skipped and TikTok allows a successful login to the account.

TikTok summarized the issue:

A vulnerability was found where a random timeout issue on a Two-Step Verification endpoint could have resulted in a potential bypass of authentication if multiple incorrect attempts were entered in quick succession. It was found that this vulnerability required access to the user’s email/password or phone number/code associated with the account and multiple bruteforcing attempts to bypass would be needed.

The vulnerability was first reported to TikTok in October 2022, was patched in mid-December 2022, and is no longer active.

Of course, this vulnerability in TikTok assumes that a malicious party has your correct username and password. While this has been fixed, it’s a good reminder to keep up with password security, especially with security breaches such as the LastPass hack in recent memory.
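For developers of similar login flows, here is a sketch of the server-side behaviour that resists this class of bug. It is an added example, not TikTok's code: it assumes the root cause was a verification step that failed open on a timeout, which the summary above does not spell out, and every name in it (`Challenge`, `verify`, `flaky_backend`, `MAX_ATTEMPTS`) is hypothetical.

```python
import hmac

MAX_ATTEMPTS = 5  # assumed policy: wrong or failed checks allowed per challenge


class Challenge:
    """One pending two-step verification, created after the password step."""

    def __init__(self, expected_code):
        self.expected_code = expected_code
        self.attempts = 0
        self.locked = False


def flaky_backend(call_no, timeout_every=3):
    """Constructed stand-in for a code-check service that times out now and then."""
    if call_no % timeout_every == 0:
        raise TimeoutError("code check timed out")


def verify(challenge, submitted, backend=flaky_backend):
    """Return 'ok', 'denied' or 'locked'. Only an explicit match returns 'ok'."""
    if challenge.locked:
        return "locked"
    challenge.attempts += 1          # count before checking, so errors count too
    try:
        backend(challenge.attempts)
        matched = hmac.compare_digest(submitted, challenge.expected_code)
    except TimeoutError:
        matched = False              # fail closed: a timeout is never a pass
    if matched:
        return "ok"
    if challenge.attempts >= MAX_ATTEMPTS:
        challenge.locked = True      # force a fresh login and a new code
    return "denied"


def replay_guessing(guesses, expected="493817"):
    """Feed a burst of guesses to one challenge and collect the outcomes."""
    challenge = Challenge(expected)
    return [verify(challenge, g) for g in guesses]


if __name__ == "__main__":
    burst = ["%06d" % n for n in range(8)]      # constructed wrong guesses
    print(replay_guessing(burst))
```

The two properties that matter are that a timeout or error during the check is treated as a failed attempt, and that the attempt counter belongs to the challenge, so repeated guesses in quick succession end in a lockout.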
