Indian White Hat hacker Avinash Singh found out a security lapse in Twitter’s video-based micro-blogging platform Vine which has awarded him $10,080 (Rs 6.8 lakh) from the social network giant. The security threat allowed him to access the entire cache of online code for Vine.
According to a report by The Hacker News, Avinash discovered a Docker image for Vine while looking for vulnerabilities using censys.io, a search engine website which allowed him to see the entire Source Code of Vine, its third party keys, API keys and other secrets. He also mentioned in his blog “Even running the image without any parameter, was letting me host a replica of VINE locally,” Avinash reported the security threat to Twitter on March 31 this year and they fixed the issue within 5 minutes
This is not the first time that Singh has reported a bug, nearly 20 more bugs where reported to Twitter since he started contributing as a bounty hunter last year. He mainly focuses on Twitter since they fix problems and pay up quickly.
Follow us on Twitter: Follow@FlashTechLoud