Single Sig-on (SSO) Service Is Vulnerable (Google, Paypal, Facebook, Twitter Users At Risk)
Serious security flaws has been found in Web-based single sign-on (SSO) services run by Google, Paypal, Facebook, Twitter, and many others. It has been suspected that executing the vulnerability an attacker can get access to users' accounts. Researchers at Microsoft and Indiana University recently recently discovered this loop hole. The security researchers have made an exclusive report which clearly indicates poor integration by website developers of the application programming interfaces and a lack of end-to-end security checks as the reasons for the flaws. According to the report :- “In this study, we discovered eight serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, JanRain, Freelancer, FarmVille, Sears.com, etc. Every flaw allows an attacker to sign in as the victim user. We reported our findings to affected companies, and received their acknowledgements in various ways”.
Although the flaws have been fixed by the affected companies, “this study shows that the overall security quality of SSO deployments seems worrisome”, they noted.
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
Microsoft
,
security-news
,
vulnerablity
