A security researcher earned a hefty bounty for reporting a number of vulnerabilities in Facebook that enabled account takeover attacks. These bugs seem distinctive in that they selectively affected accounts signed up via Gmail.
Facebook Account Takeover Vulnerabilities
Recently, the security researcher Youssef Sammouda explained how he caught a number of bugs affecting Facebook. The researcher noticed that exploiting the vulnerabilities in a chained manner could allow Facebook account takeover attempts.
Briefly, the researcher first noticed the bug in the "Facebook Checkpoint" page, which used Google Captcha to verify login attempts. Sammouda noticed that the page leaked the parameters of any visited endpoint in the parent URL.
While Facebook had placed the Captcha in a sandbox domain, it became possible for an adversary to leak the parameters via XSS. That is what the researcher noticed: an XSS vulnerability in the sandbox domain.
Then, the other vulnerabilities included login and logout CSRF that allowed targeting the Gmail OAuth flow. As stated,
Gmail sends back the OAuth code/token to www.facebook.com if the user is logged in to Gmail, and since we can steal anything that's coming to www.facebook.com we can use the Google OAuth code to log in to the Facebook account that has that Gmail account linked to it.
Eventually, the researcher could chain all the bugs to steal the Google OAuth code and id_token and take over the target account.
The researcher has shared the details of the bugs in his post.
Facebook Patched The Flaws
According to the timelines shared, the researcher reported the vulnerabilities to Facebook in February this year. The tech giant acted quickly, acknowledging the bugs and moving on to develop patches.
Then, on March 21, 2022, Facebook fixed all the vulnerabilities and rewarded the researcher with a hefty $44,625 bounty.
Since the patches have already been released, the tech giant has potentially secured all Facebook users from this exploit.