ask.fp.o potential account hijacking with facebook oauth

Achilleas Pipinellis axilleaspi at ymail.com
Sun Feb 9 19:52:38 UTC 2014


Hello there!

I bumped into a recent post that describes the way someone could get
access to your account using Facebook OAuth. According to the
vulnerability author:

> Every website with "Connect Facebook account and log in with it" is
> vulnerable to account hijacking.

Source:
http://homakov.blogspot.gr/2014/01/two-severe-wontfix-vulnerabilities-in.html

Facebook will not fix this anytime soon. Should we disable Facebook
login until this gets resolved?

-- 
FAS : axilleas
GPG : 0xABF99BE5
Blog: http://axilleas.me
