Misconfiguration in WhatsApp Messenger

Pratheesh P Narayanan
Jan 26, 2019

This report is about a misconfiguration I came across in the cross-platform instant messaging app WhatsApp.

You might be aware of recent policy changes on WhatsApp which prevent users from forwarding messages to more than 5 chats at a time. Also, whenever a user forwards something, the application shows that this is a forwarded message.

Forwarded Message

WhatsApp introduced this feature to prevent fake messages from being circulated on the platform. They had even launched a program which awards researchers up to 50K USD for providing them with better ideas to prevent spam/fake messages from being circulated.

About the bug…

The bug is pretty simple and straightforward. The forward limit of up to 5 chats and the forwarded tag were not implemented on the Business version of the application or on WhatsApp Messenger for Windows Phone. Any malicious user using either of these versions of the application can exploit this vulnerability. No preventive measures are taken.

No Limit On Forward
No Forward Tag

I was responsible enough to report this to the Facebook Security Team. I felt that since they were investing a lot into resolving this issue of spam/fake messages on their platform, this might qualify as a report, but it was not a security risk according to the Sec Team.

They’re not gonna fix it any time soon

Initial Report: January 8

More Information: January 10

Report Closed as Informative on 25th January

Let’s hope someone from the product team will come across this and will roll out a fix ;)
