Snapchat user accounts vulnerable to Brute-Force Attack
Snapchat, a smartphone application that lets users share snapshots with friends, is catching fire among teenagers. It was first hacked in December when 4.6 million Snapchat users were exposed in a database breach.
Later, a denial-of-service attack and a CAPTCHA security bypass were discovered by other researchers within the last two to three weeks. Snapchat has no Vulnerability Reward Program, but many penetration testers are still working hard, free of cost, to make the application more secure by disclosing flaws.
This is not the end of the vulnerabilities. Mohamed Ramadan, a security researcher with Attack-Secure from Egypt, has spotted a new vulnerability in Snapchat that allows an attacker to brute-force users' login credentials. Brute-forcing is the process of trying multiple passwords against a username until the correct password is found.
"This vulnerability allows anyone who knows your SnapChat email to brute force your account’s password without any protection from Snapchat's side, there is no lockout, limited tries or even Captcha," he said in a blog post.
Video Demonstration: http://www.youtube.com/watch?v=GEstRt6CecA
He found this security flaw late in 2013 and reported it to Snapchat's Security Team, which took 2 months to fix it. The vulnerability has now been fixed, but users are advised to always use strong passwords.
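The page does not describe how the flaw was fixed. As an added example (not Snapchat's or the researcher's code), the sketch below shows the per-account lockout and limited-tries control that the researcher reported as missing; the thresholds, function names and sample account are assumptions.

```python
import hmac
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failures tolerated per window
WINDOW_SECONDS = 300    # assumed sliding window for counting failures
LOCKOUT_SECONDS = 900   # assumed lockout once the limit is reached


def norm(email):
    """Normalize the account key so case or spacing variants share a counter."""
    return email.strip().lower()


class LoginThrottle:
    """Failed-login limiter keyed on the targeted account, so that changing
    the source address does not reset the counter."""

    def __init__(self):
        self._failures = defaultdict(deque)   # email -> failure timestamps
        self._locked_until = {}               # email -> unlock time

    def allowed(self, email, now):
        return now >= self._locked_until.get(norm(email), 0)

    def record_failure(self, email, now):
        window = self._failures[norm(email)]
        window.append(now)
        # Drop failures that have aged out of the sliding window.
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self._locked_until[norm(email)] = now + LOCKOUT_SECONDS
            window.clear()

    def record_success(self, email):
        self._failures.pop(norm(email), None)


def attempt_login(throttle, stored, email, password, now):
    """Return 'locked', 'ok' or 'denied'. `stored` is a constructed
    email -> password map; a real service compares password hashes."""
    if not throttle.allowed(email, now):
        return "locked"            # checked before the password is examined
    expected = stored.get(norm(email), "")
    if expected and hmac.compare_digest(expected.encode(), password.encode()):
        throttle.record_success(email)
        return "ok"
    throttle.record_failure(email, now)
    return "denied"
```

A hard lockout keyed on the account also lets anyone lock the owner out, so the "locked" branch is often replaced with a CAPTCHA challenge or a growing delay.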
These security flaws do not mean that Snapchat is losing its reputation in the market, as security issues are common in every app we use today. Moreover, the app's popularity and ease of use led Facebook to offer $3 billion to purchase it, an offer the Snapchat CEO rejected.