Tencent's wechat is shaking vulnerability, the use of the phone number cause account lost can't get back in!-- Theory of of personal information security and protection-vulnerability warning-the black bar safety net

ID MYHACK58:62201559665
Type myhack58
Reporter JustinLiu27
Modified 2015-03-06T00:00:00


This article was written today at 2 p.m. much, did not immediately issued because the cock to the clouds first feedback about the cock always felt the clouds are very T, it is desirable to have an account, but the cock is too water, but did not pass the audit, it may present cock of the expression of the limited capacity of it. So I sent directly to.



The first well, the man recognized some of the title party. And this problem is definitely not the cock of the first one found, just personal experience after you want to record.


The cock first thing in the description of the background:

Last year, when new buy a phone number, look at the derivative of what recently very fire, but with their own micro-channel made to made to feel very bad, then decided to use this phone number to register a wechat to spare, in case I spare the time to also walk on this road.

The problem fuse

Open wechat with phone number to be registered, receiving the verification code to fill in after the completion, suggesting that this phone number has been bound, select“No, continue with registration”is not possible anymore.

Thus, the present cock call wechat customer service, Customer Service said need to submit screenshots to prove the phone's network time when writing to this thought here are not rigorous, only this one screenshot words, if a person's mobile phone number service password leakage, that is dangerous. But on the computer log on to the website, the user where the displayed name is not the phone number, although able to view the network time, but the customer insisted on a screenshot cannot be used as proof and the reluctance of the cock waiting for too much time, and customer communication times, try a multi-part screenshot, payment records screenshots, etc., the attempt is not to unbundling, although he is also required to do, but it is too dead. (Right here tucao under Tencent customer service, the micro-channel customer service is okay, Online of Tencent customer service is simply the slag!)

Found a Bug

The cock little violent temper, since customer service does not give the operation, then try it yourself to see, did not think really put wechat scored. Specific try process no the table, the following only describes specific core steps.

Password forget, only phone number, no other micro-channel number, etc. any other information, but I was abruptly logged out of each other's wechat.

The process is relatively simple I will not nonsense, direct look figure!


[1] [2] next