Blog | G5 Cyber Security

Authentication bypass on Ubers Single Sign-On via subdomain takeover Arne Swinnen’s Security Blog

Uber was vulnerable to subdomain takeover on saostatic.uber.com via Amazon CloudFront CDN. Ubers recently deployed Single Sign-On (SSO) system at auth.uber.com was found vulnerable to session cookie theft by any compromised *.ubercom subdomains. Uber resolved the sub domain takeover vulnerability and granted a $5,000 bounty for the two combined issues. Uber did have some countermeasures in place to prevent this, but reported with increased impact for increased impact.”]

Source: https://www.arneswinnen.net/2017/06/authentication-bypass-on-ubers-sso-via-subdomain-takeover/

Exit mobile version