Researchers took over Booking.com accounts using a legitimate Facebook link

4 pointsby aviCCabout 2 years ago

The vulnerability exists in OAuth (social sign-in), used by almost every website today. If you are unfamiliar with OAuth, the post (in the first comment) explains it step-by-step with detailed diagrams.

1 comment

aviCCabout 2 years ago

<a href="https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com" rel="nofollow">https://salt.security/blog/traveling-with-oauth-account-take...</a><p>Video: <a href="https://youtu.be/IK_AV1UFS-0" rel="nofollow">https://youtu.be/IK_AV1UFS-0</a>