Comment on Authy got hacked, and 33 million user phone numbers were stolen

<- View Parent
0xD@infosec.pub ⁨4⁩ ⁨months⁩ ago

A missing rate limit is a vulnerability, or a weakness, depending on the definition. You’re playing smart without having an idea of what you’re talking about. Here you go:

cwe.mitre.org/data/definitions/799.html

YouTube videos are public, and as such it’s not really hacking. If you were able to download private videos, for example, it would be a vulnerability like “Improper Access Control”. It does not matter in the least whether you use an “exploit” in your definition (which is wrong) or “just increment the video ID”.

The result is a breach of confidentiality, and as such this is to be classified as a “hack”.

source
Sort:hotnewtop