Handful of OAuth bugs combine for GitHub session theft

Chaining together five low security bugs has allowed Russian security researcher Egor Homakov to steal user sessions and increase the scope of OAuth tokens from GitHub, giving Homakov the ability to access and delete private GitHub repositories and Gists.

Detailing the process of linking the five bugs together in a blog post, Homakov called his exploit the “perfect crime”.

Tags:

OAuth

Security

Story added 10. February 2014, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

Your gadget could save your life: smart speaker phones police
Resolved: Intermittent Workflow Errors
Resurrection of the Living Dead: The “Redirect to SMB” Vulnerability
Top offers for cyberthreats and security software for September 2019
Zerodium Boosts Bounty for iOS Exploit to $1.5 Million
New report says cyberspying group linked to China’s army
Adlumin Snags $70M to Boost Security for Mid-Market Firms
Nokia posts $1 billion operating loss
Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users
Lawsuit alleging Gmail ads are "wiretapping" gets judge’s OK

Handful of OAuth bugs combine for GitHub session theft

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts