ask.fp.o potential account hijacking with facebook oauth
Achilleas Pipinellis
axilleaspi at ymail.com
Sun Feb 9 19:52:38 UTC 2014
Hello there!
I bumped into a recent post that describes the way someone could get
access to your account using Facebook OAuth. According to the
vulnerability author:
> Every website with "Connect Facebook account and log in with it" is
> vulnerable to account hijacking.
Source:
http://homakov.blogspot.gr/2014/01/two-severe-wontfix-vulnerabilities-in.html
Facebook will not fix this anytime soon. Should we disable Facebook
login until this gets resolved?
--
FAS : axilleas
GPG : 0xABF99BE5
Blog: http://axilleas.me