This report is about a misconfiguration I came across in the cross-platform instant messaging app WhatsApp.
You might be aware of recent policy changes on WhatsApp which prevent users from forwarding messages to more than 5 chats at a time. Also, whenever a user forwards something, the application shows that this is a forwarded message.
WhatsApp introduced this feature to prevent fake messages from being circulated on the platform. They had even launched a program which awards researchers up to 50K USD for providing them with better ideas to prevent spam/fake messages from being circulated.
About the bug…
The bug is pretty simple and straightforward. The forward limit of up to 5 chats and the forwarded tag were not implemented on the Business version of the application as well as on WhatsApp Messenger for Windows Phone. Any malicious user using either of these versions of the application can exploit this vulnerability. No preventive measures are taken.
I was responsible enough to report this to the Facebook Security Team. I felt that since they were investing a lot into resolving this issue of spam/fake messages on their platform, this might qualify as a report, but it was not a security risk according to the Sec Team.
Initial Report: January 8
More Information: January 10
Report Closed as Informative on 25th January
Let’s hope someone from the product team will come across this and will roll out a fix ;)