cross-posted from: https://sh.itjust.works/post/15727106

Nepali Hacker Tops Hall of Fame by Reporting Facebook’s Zero-Click Flaw

Samip Aryal, a Nepali cybersecurity researcher, discovered a zero-click flaw in Facebook’s password reset system that bypassed rate-limiting and allowed brute-forcing of 6-digit security codes. His findings, which could enable account takeovers, earned him a top spot in Facebook’s Hall of Fame for White-Hat Hackers 2024. Aryal responsibly disclosed the vulnerability, which was promptly fixed. Users are advised to enable two-factor authentication and use strong passwords to protect against such threats.