Missing authentication in buddy group API of LINE TIMELINE
Medium
LY Corporation
Team Summary
Official summary from LY Corporation
Due to a bug in the authentication logic in the LINE TIMELINE buddy group API, it could be possible for an attacker to obtain the authority of another person by manipulating API request headers, which would allow an attacker to inquire and modify the buddy group and buddy group list of another user.
Reported by: e26174222
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $3000.00
Weakness: Improper Authentication - Generic