OAuth vulnerabilities affect Booking.com
Salt Labs, the research division of Salt Security, has reported several critical vulnerabilities in Booking.com's implementation of the Open Authorization (OAuth) login flow, affecting users who sign in to the site with their Facebook account. According to Salt Security, the issues have since been remediated.
According to the research, an attacker exploiting these vulnerabilities could take over user accounts, which would allow the leakage of personal information (PII) and impersonation of the victim, for example to make or cancel bookings or to request transport services in their name.
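As a general illustration of the client-side checks whose absence most often turns a social-login ("Login with X") flow into an account-takeover path, the following is an added example. It is not code from Salt Labs, Booking.com or Facebook, it does not reproduce the specific flaw chain from the Salt Labs write-up (which this page does not detail), and the provider endpoint, client ID and callback URL it uses are hypothetical. It shows two controls: exact matching of the redirect_uri against a registered allowlist, and a state value bound to the user's session and consumed on first use.

```python
"""Two checks an OAuth 2.0 client must make in a social-login ("Login with X")
flow: exact redirect_uri matching and a session-bound, single-use state.
Illustrative code only; it is not Booking.com's or Facebook's implementation."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for this example (hypothetical provider and client).
AUTHORIZE_ENDPOINT = "https://idp.example/oauth/authorize"
CLIENT_ID = "example-client-id"
# Callback URL(s) registered for this client; compared exactly, never by prefix.
REGISTERED_REDIRECT_URIS = ("https://client.example/oauth/callback",)


class OAuthCallbackError(Exception):
    """Raised when a callback is rejected; the authorization code is never exchanged."""


def _canonical(uri: str):
    """Return (scheme, host, port, path) for an https URL that carries no query,
    fragment or userinfo; None for anything else."""
    p = urlsplit(uri)
    try:
        port = p.port
    except ValueError:          # e.g. "https://host:abc/"
        return None
    if p.scheme != "https" or not p.hostname or p.username or p.query or p.fragment:
        return None
    return ("https", p.hostname.lower(), port or 443, p.path)


def redirect_uri_allowed(uri: str) -> bool:
    """Exact match against the allowlist.  Prefix, substring or same-domain
    comparisons let an attacker append a path, a query string or a sub-domain
    and have the authorization code delivered to a page they control."""
    key = _canonical(uri)
    return key is not None and key in {_canonical(r) for r in REGISTERED_REDIRECT_URIS}


def begin_login(session: dict, redirect_uri: str) -> str:
    """Build the authorization request and bind a fresh state to this session."""
    if not redirect_uri_allowed(redirect_uri):
        raise OAuthCallbackError("redirect_uri is not registered")
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state                 # single use, see handle_callback
    session["oauth_redirect_uri"] = redirect_uri
    params = {
        "response_type": "code",  # authorization-code flow only
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": "openid email",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the provider's redirect back to the client and return the code.

    State is popped first, so a callback that fails any check also consumes it:
    a replayed code, a code delivered to a session that never started a login
    (login CSRF / forced account linking), or a code for a different redirect
    URL can never be exchanged for tokens."""
    expected_state = session.pop("oauth_state", None)
    expected_redirect = session.pop("oauth_redirect_uri", None)
    if expected_state is None or expected_redirect is None:
        raise OAuthCallbackError("no login in progress for this session")
    p = urlsplit(callback_url)
    if f"{p.scheme}://{p.netloc}{p.path}" != expected_redirect:
        raise OAuthCallbackError("callback arrived on an unexpected URL")
    q = parse_qs(p.query, keep_blank_values=True)
    if "error" in q:
        raise OAuthCallbackError(f"provider error: {q['error'][0]}")
    state, code = q.get("state", []), q.get("code", [])
    # Exactly one value each: duplicated parameters are a pollution attempt.
    if len(state) != 1 or not hmac.compare_digest(state[0].encode(), expected_state.encode()):
        raise OAuthCallbackError("state mismatch")
    if len(code) != 1 or not code[0]:
        raise OAuthCallbackError("missing authorization code")
    return code[0]


def callback_rejected(session: dict, callback_url: str) -> bool:
    """True if handle_callback refuses the callback (used by the scenarios below)."""
    try:
        handle_callback(session, callback_url)
    except OAuthCallbackError:
        return True
    return False


if __name__ == "__main__":
    s = {}
    begin_login(s, "https://client.example/oauth/callback")
    good = f"https://client.example/oauth/callback?code=AUTHCODE&state={s['oauth_state']}"
    print("legitimate callback code:", handle_callback(s, good))
    print("replay rejected:", callback_rejected(s, good))
    print("attacker path rejected:",
          not redirect_uri_allowed("https://client.example/oauth/callback/../../evil"))
```

The allowlist comparison is deliberately strict: an appended path segment, a `?next=` parameter or a look-alike sub-domain all fail, which is what closes the usual route for steering the authorization code to an attacker-controlled page. Consuming `state` before any other check means a failed or replayed callback can never be retried with the same value.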
References
- 02/03/2023 salt.security Traveling with OAuth - Account Takeover on Booking.com
- 02/03/2023 salt.security Salt Security Uncovers API Security Flaws within Booking.com that Allowed Full Account Takeover – Issues have been Remediated
- 02/03/2023 infosecurity-magazine.com API Security Flaw Found in Booking.com Allowed Full Account Takeover
- 02/03/2023 darkreading.com Booking.com's OAuth Implementation Allows Full Account Takeover
- 02/03/2023 csoonline.com Booking.com account takeover flaw shows possible pitfalls in OAuth implementations
- 02/03/2023 securityboulevard.com Traveling with OAuth – Account Takeover on Booking.com