all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Careless OAuth Implementation Puts Billions at Risk

Add to bookmarks
Oct. 27, 2023, 9:18 p.m. |

GovInfoSecurity.com RSS Syndication www.govinfosecurity.com

Skipping Token Validation Is Open Door for Hackers
Social media single sign-on standard OAuth has an implementation weakness that hackers could exploit to obtain unauthorized access, say researchers. "We expect that 1,000s of other websites are vulnerable to the attack," wrote Salt Security, "putting billions of additional internet users at risk."

access attack door expect exploit hackers implementation internet media oauth researchers risk salt salt security security sign single single sign-on standard token unauthorized access validation vulnerable weakness websites

Visit resource

More from www.govinfosecurity.com / GovInfoSecurity.com RSS Syndication

Operation Cronos Again Threatens to Reveal LockBitSupp 5 hours ago | www.govinfosecurity.com
as-a-service clock dark dark web +19
LevelBlue Leverages AI for Threat Intel Following AT&T Split 6 hours ago | www.govinfosecurity.com
acquisition advanced advanced threat amp +17
The Intelligent SOC: Fusion Methodology at the Intersection of Intelligence, Context, and Action in Modern … 8 hours ago | www.govinfosecurity.com
action context enterprises fusion +4
Code to Cloud Roadshow - Tysons Corner In-Person Event hosted by Palo Alto Networks 2 days, 22 hours ago | www.govinfosecurity.com
alto cloud code event +5
New Report Exposes Iranian Hacking Group's Media Masquerade 2 days, 23 hours ago | www.govinfosecurity.com
apt42 cloud credentials global +16
How Intel 471's Buy of Cyborg Is Reshaping Threat Hunting 2 days, 23 hours ago | www.govinfosecurity.com
address beef clients customers +19
Regulating AI: 'It's Going to Be a Madhouse' 3 days ago | www.govinfosecurity.com
artificial artificial intelligence biden challenges +17
Web Trackers Persist in Healthcare Despite Privacy Risks 3 days, 1 hour ago | www.govinfosecurity.com
action ceo class class action +17
New Botnet 'Goldoon' Targets D-Link Devices 3 days, 1 hour ago | www.govinfosecurity.com
administration attackers botnet devices +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Principal - Cyber Risk and Assurance - Infra/Network

@ GSK | Bengaluru Luxor North Tower
View on infosec-jobs.com

Staff Security Engineer

@ Airwallex | AU - Melbourne
View on infosec-jobs.com

Chief Information Security Officer

@ Australian Payments Plus | Sydney, New South Wales, Australia
View on infosec-jobs.com

TW Test Automation Engineer (Access Control & Intrusion Systems)

@ Bosch Group | Taipei, Taiwan
View on infosec-jobs.com

Consultant infrastructure sécurité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

SOC Analyst

@ Wix | Tel Aviv, Israel
View on infosec-jobs.com
View more jobs