Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

2 March 2023

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. The attack combined three separate issues that on their own could be categorized as low risk and could be introduced by many developers into their implementations.

Read full article on CSO Online

Date:

2 March 2023

Categorie(s):

NEWS

Tag(s):

Bookings, IT, News, OAuth

Security Excellence Awards – winners revealed!3 May 2024
McAfee Dominates AV-Comparatives PC Performance Test3 May 2024
Preparation: The Less Shiny Side of Incident Response – Joe Gross – ESW #3603 May 2024
Critical GitLab account takeover flaw added to CISA’s KEV Catalog2 May 2024
Microsoft, Google do a victory lap around passkeys2 May 2024