Tumblr serious vulnerability can reveal everyone information
Tumblr, a well-known blog sharing site, just released a security bulletin to reveal serious security vulnerabilities that have been fixed.
A security researcher submitted the security breach through a soup-free bounty hunter program that has been fixed by the company’s engineering team.
Anyone can use the vulnerability to view other users’ data without any complicated steps, including registering an account and email address and hashing a password.
Low-level but severe security vulnerabilities:
According to the security bulletin issued by Tumblr: This security vulnerability is located in the “Recommended Blogs” module that the logged-in user displays according to the user’s interest.
Under normal circumstances, users will not be able to recommend a few blogs by interest after logging in. These blogs usually include the blog name and simple instructions. However, the vulnerability caused anyone to view the details of these blogs using the debugger, including the account mailbox and the hash-encrypted password.
Tumblr said that there is currently no evidence that the vulnerability has been exploited. Simply put, no analysis of the security team has affected users.