Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Facebook

Submission + - OAuth Flaw Allowed Access to Any Facebook Account (net-security.org)

Orome1 writes: "A flaw in Facebook's OAuth system that allows the communication between applications and users has allowed web application security specialist Nir Goldshlager to gain full control of any Facebook account. The exploit worked on all browsers, and would even work on accounts that have 2-step verification enabled. Luckily for all of us, this flaw has already been patched by Facebook, but Goldshlager says that he found a couple of more and Facebook is still working on fixing them."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

OAuth Flaw Allowed Access to Any Facebook Account

Comments Filter:

"It says he made us all to be just like him. So if we're dumb, then god is dumb, and maybe even a little ugly on the side." -- Frank Zappa

Working...