Last active
June 19, 2020 14:57
-
-
Save mobeigi/305e435822e301baf84775f110dc2103 to your computer and use it in GitHub Desktop.
Facebook login quirk
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It looks like Facebook automatically tries to fix email corrections upon logging in. | |
If you login with the wrong email but correct password, it will do a bruteforce/close match attempt with similar emails. | |
If successfully, you login to that account, even if the email you put in belongs to another user. | |
Seems to work for even really wack emails that are 4 characters different! | |
If both accounts have the same password, it logs in the email that matches. | |
Tested on custom domain, might be a lot less usable on public @gmail.com domain etc. | |
https://security.stackexchange.com/questions/214814/why-can-i-log-in-to-my-facebook-account-with-a-misspelled-email-password |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment