Top

Facebook Offers Rewards for Access Token Exposure Flaws

September 18, 2018

Category:

Facebook announced on Monday that it has expanded its bug bounty program to introduce rewards for reports describing vulnerabilities that involve the exposure of user access tokens.

Access tokens allow users to log into third-party applications and websites through Facebook. The tokens are unique for each user and each app, and users can choose what information can be accessed by the token and the app using it, as well as what actions it can take. The problem is that if a token is exposed, it can be misused to an extent that depends on the permissions set by its owner.

Facebook has updated its bug bounty program to clarify what it expects from reports describing token-related vulnerabilities.

Read More on Security Week