Researchers took over Booking.com accounts using a legitimate Facebook link

4 points by aviCC ↗ HN
The vulnerability exists in OAuth (social sign-in), used by almost every website today. If you are unfamiliar with OAuth, the post (in the first comment) explains it step-by-step with detailed diagrams.

1 comment

[ 2.7 ms ] story [ 22.7 ms ] thread