Vulnerability Management

Yahoo changes tune, fixes Flickr invite disclosure bug

Yahoo has fixed a Flickr flaw that enabled anyone to access the entire contents of an invitation, which are sent by users to ask nonmembers to join the photo sharing service.

The bug, originally reported to Yahoo a couple of months ago by a user on Hacker One, a service that helps operate bug bounty programs, would lead to the compromise of information, including names, email addresses, and messages contained within the invite.

The bug worked by entering a specific URL, along with a unique identifying number for the invitation.

Yahoo initially responded by saying that the service was working properly and sensitive data was not being made available, but following disclosure of the bug, the internet corporation changed its tune and said it would remunerate the bug bounty hunter.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.