Infosec.Pub

4,618 readers
125 users here now

To support infosec.pub, please consider donating through one of the following services:

Paypal: jerry@infosec.exchange

Ko-Fi: https://ko-fi.com/infosecexchange

Patreon: https://www.patreon.com/infosecexchange

founded 2 years ago
ADMINS
jerry
shellsharks
modbot
listing: all - local
search
1
12
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains (thehackernews.com)
submitted 6 months ago by IllNess to c/securitynews
0 comments fedilink
 
 

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.

2
17
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains (thehackernews.com)
submitted 6 months ago by lemmydev2 to c/pulse_of_truth
0 comments fedilink
 
 

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to re-create email accounts for former employees," Truffle Security co-founder and CEO Dylan Ayrey said

view more: next ›