A serious vulnerability in the messenger app LINE allowed admin access to Official Accounts. LINE not only patched the bug but also awarded a $4,750 bounty to the researcher.
Bug bounty hunter Ron Chan found a serious security vulnerability affecting LINE accounts. As described in the HackerOne bug report, there was an Insecure Direct Object Reference (IDOR) vulnerability that allowed an adversary to gain admin access to a LINE Official Account.
Regarding how the exploit worked, Chan stated,
The researcher reported the flaw to LINE via its bug bounty program on HackerOne in September 2019. The bug led to privilege escalation and received a critical severity rating with a score of 9-10. Following his report, LINE worked on a fix to eliminate the flaw.
The vendors awarded a bounty of $4,750 to Chan for reporting the vulnerability.