Get a Pentest and security assessment of your IT network.

News

Authentication bypass on Ubers Single Sign-On via subdomain takeover Arne Swinnen’s Security Blog

Uber was vulnerable to subdomain takeover on saostatic.uber.com via Amazon CloudFront CDN. Ubers recently deployed Single Sign-On (SSO) system at auth.uber.com was found vulnerable to session cookie theft by any compromised *.ubercom subdomains. Uber resolved the sub domain takeover vulnerability and granted a $5,000 bounty for the two combined issues. Uber did have some countermeasures in place to prevent this, but reported with increased impact for increased impact.”]

Source: https://www.arneswinnen.net/2017/06/authentication-bypass-on-ubers-sso-via-subdomain-takeover/

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Botnet authors use Evernote account as C&C Server

News

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2