"'Log in With...' Feature Allows Full Online Account Takeover for Millions"

Vulnerabilities in the implementation of the Open Authorization (OAuth) standard across three major online services may have exposed users to credential theft, financial fraud, and other cybercriminal activities. Researchers from Salt Labs discovered critical Application Programming Interface (API) misconfigurations on the websites of several online companies, including Grammarly, Vidio, and Bukalapak, which leads them to believe that dozens of other websites are likely compromised in the same way. OAuth is a widely implemented standard that enables cross-platform authentication, and most people are familiar with it as the option to log in to a website using a social media account. The implementation flaws are part of a series of vulnerabilities in OAuth found by researchers over the past few months, affecting multiple popular online platforms and putting users at risk. This article continues to discuss the potential exploitation and impact of the flaws in the implementation of the OAuth standard.

Dark Reading reports "'Log in With...' Feature Allows Full Online Account Takeover for Millions"

Submitted by grigby1