Account Takeover via Authentication Bypass in TikTok Account Recovery
Critical
TikTok
Team Summary
Official summary from TikTok
An improper authentication mechanism in TikTok's account recovery process could have been used for account takeovers on Android devices. There was no evidence of exploitation and this vulnerability has now been completely fixed. We thank @xtt0k for reporting this to our team and confirming its remediation.
Reported by: xtt0k
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $12000.00
Weakness: Authentication Bypass Using an Alternate Path or Channel