Broken session management leads to 2FA bypass and permanent access to Facebook users' accounts

Mahmoud Barakat
Nov 19 · 2 min read

The story began when I received a notification from a friend about a donation campaign for his birthday. While using the Facebook app (iOS), when I tried to click the donate button it redirected me to the web-browser version to make a donation using credit card or PayPal, through this endpoint {/donation/login/?nonce=xxxxx&uid=xxxxxx}

Donation Feature

https://m.facebook.com/donation/login/?nonce=xxxxxx&uid={USER_ID}

I noticed that when you go to Facebook.com in your web browser, even if you didn't sign in with your Facebook account, Facebook will automatically redirect you to your Facebook account without any password or any authentication!!

So I did the same scenario again, but I copied the link https://m.facebook.com/donation/login/?nonce=xxxxxx&uid={USER_ID} and sent it to a friend. I noticed that he got access to my Facebook account without any authentication (2FA or password), and if you tried to change your password he would still have access to your Facebook!!

Steps:

  1. Go to donate to any organization from the Facebook app (iOS)
     EX: https://www.facebook.com/donate/xxx/xxx/
  2. Try to make a donation
  3. You will be redirected to the endpoint "https://m.facebook.com/donation/login/?nonce=xxxxxx&uid=xxxxxx"
  4. Copy this link and try to use it from another device on which you have never signed in with your account.
  5. Go to Facebook.com and you will be redirected automatically to the victim's account.
  6. You get access to the Facebook account without password or 2FA (even if the victim changes the password or removes all sessions, you will still have access to the Facebook account).
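
What made the copied link dangerous is that the nonce kept working: it could be redeemed more than once, from any device, and survived a password change and a "log out of all sessions". The following is an added example, not Facebook's code and not part of the original write-up, of how a login-handoff token can be designed so none of those three things hold. The class, method names and the 60-second lifetime are all assumptions made for illustration; the nonce and uid parameters mirror the endpoint shown above.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

# Hypothetical lifetime for the app-to-browser hop; the real endpoint's policy is unknown.
TOKEN_TTL_SECONDS = 60


@dataclass
class PendingLogin:
    uid: int
    session_generation: int  # the user's generation when the token was issued
    expires_at: float
    used: bool = False


class HandoffTokenStore:
    """In-memory model of a login-handoff endpoint like /donation/login/?nonce=...&uid=...

    Three properties stop a copied link from becoming a permanent login:
      1. single use: the first redemption burns the nonce;
      2. short TTL: the link dies after TOKEN_TTL_SECONDS;
      3. generation binding: a password change or "log out everywhere" bumps the
         user's session generation, invalidating outstanding nonces and sessions.
    Nonces are stored hashed, so a leaked table does not hand out usable links.
    """

    def __init__(self):
        self._pending = {}       # sha256(nonce) -> PendingLogin
        self._generation = {}    # uid -> current session generation
        self._web_sessions = {}  # session id -> (uid, generation at creation)

    @staticmethod
    def _key(nonce):
        return hashlib.sha256(nonce.encode()).hexdigest()

    def generation(self, uid):
        return self._generation.setdefault(uid, 0)

    def issue(self, uid, now=None):
        """Called by the app for an already-authenticated user; returns the nonce."""
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(32)
        self._pending[self._key(nonce)] = PendingLogin(
            uid, self.generation(uid), now + TOKEN_TTL_SECONDS)
        return nonce

    def redeem(self, nonce, uid, now=None):
        """Called by the web endpoint; returns a fresh web session id, or None."""
        now = time.time() if now is None else now
        rec = self._pending.get(self._key(nonce))
        if (rec is None or rec.used or rec.uid != uid
                or now > rec.expires_at
                or rec.session_generation != self.generation(uid)):
            return None
        rec.used = True
        sid = secrets.token_urlsafe(32)
        self._web_sessions[sid] = (uid, rec.session_generation)
        return sid

    def session_is_valid(self, sid):
        """A web session outlives neither a password change nor a mass logout."""
        entry = self._web_sessions.get(sid)
        return entry is not None and entry[1] == self.generation(entry[0])

    def revoke_all_sessions(self, uid):
        """Hook for password change / 'log out of all devices'."""
        self._generation[uid] = self.generation(uid) + 1


if __name__ == "__main__":
    store = HandoffTokenStore()
    nonce = store.issue(uid=42)
    first = store.redeem(nonce, uid=42)
    second = store.redeem(nonce, uid=42)
    print("first redemption ok:", first is not None)
    print("replayed link ok:", second is not None)
```

The generation counter is the piece that addresses the "still has access after a password change" part of the report: every nonce and every web session records the generation it was created under, so a single increment on password change or session revocation kills all of them at once without having to enumerate them.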

Impact:

  1. Permanent access to a Facebook user's account.
  2. Bypassing any authentication.

Timeline

June 18, 2019 — Initial report
June 19, 2019 — Report triaged
June 21, 2019 — Fixed by Facebook
June 21, 2019 — Fix confirmed
June 27, 2019 — Bounty awarded


Happy Hacking!!

@0xBarakat

Written by Mahmoud Barakat: Student in the morning, Hacker at night.
