API Security Flaw Found in Booking.com Allowed Full Account Takeover

Several security flaws were found in the implementation of the Open Authorization (OAuth) social login functionality used by the online travel agency Booking.com.

The vulnerabilities, discovered by Salt Security, may have affected users who logged into the site via their Facebook accounts.

“OAuth misconfigurations could have enabled both a large-scale account takeover (ATO) on customer accounts and server compromise,” wrote Aviad Carmel, security researcher at Salt Security.

Security experts say OAuth offers a simpler user experience in interacting with websites, but its complex technical backend poses security problems and can be exploited.

“OAuth has quickly become an industry standard and is now used by hundreds of thousands of services around the world,” said Yaniv Balmas, vice president of research at the company. “As a result, OAuth misconfigurations can have a significant impact on both businesses and customers as they expose valuable data to the bad guys.”

Specifically, the researcher said he found the vulnerability by manipulating a specific step in the Booking.com site’s OAuth sequence.

“[We] discovered that we could hijack sessions to perform account takeover (ATO), steal user data, and perform actions on the user’s behalf,” writes Balmas.

After discovering the flaws, Salt Labs disclosed them to Booking.com, and the company reportedly fixed them.

A spokesperson for the company said: “Upon receiving the report from Salt Security, our team immediately investigated the findings and confirmed that the Booking.com platform was not compromised and that the vulnerability was quickly resolved.”

Salt Labs said it saw no evidence that the flaws had been exploited in the wild. The discovery comes almost a year after GitHub confirmed that several organizations were compromised by threat actors who used stolen OAuth tokens to access private repositories.

More recently, Microsoft reported that attackers installed OAuth applications on compromised cloud tenants and used them to control Exchange servers and spread spam.

Image credit: II.studio / Shutterstock.com
