A Salt Security report found that a malicious user had exploited a flaw in the OAuth login flow and might have seized control of users who were logging in through Facebook.
With full access to the account and knowledge of every affected user's personal data, the attacker could have taken any action on behalf of the compromised users.
Booking.com was made aware of all the problems detailed in this article and took immediate action to resolve and fully mitigate them.
After receiving the Salt Security report, Booking.com's teams reviewed the information right away and determined that the Booking.com platform had not been compromised. The vulnerability was then quickly fixed.
Source: https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
TPRM report: https://scoringcyber.rankiteo.com/company/oauth-protocol
{
  "id": "oau4393723",
  "linkid": "oauth-protocol",
  "type": "Breach",
  "date": "03/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Hospitality',
                        'name': 'Booking.com',
                        'type': 'Company'}],
 'attack_vector': 'OAuth Exploit',
 'data_breach': {'type_of_data_compromised': ['Personal data']},
 'description': 'A malicious user exploited OAuth, potentially seizing control of users logging in through Facebook. The attacker gained full access to user accounts and personal data, enabling them to take any action on behalf of compromised users. Booking.com was informed and took immediate action to resolve and mitigate the issues. After reviewing the Salt Security report, Booking.com determined their platform was not compromised and quickly fixed the vulnerability.',
 'impact': {'data_compromised': ['Personal data'],
            'systems_affected': ['User accounts']},
 'initial_access_broker': {'entry_point': 'OAuth vulnerability'},
 'motivation': 'Data theft, account control',
 'response': {'containment_measures': ['Immediate action to resolve and mitigate issues'],
              'remediation_measures': ['Vulnerability quickly fixed']},
 'threat_actor': 'Malicious user',
 'title': 'OAuth Exploit Potentially Compromising Booking.com Users',
 'type': 'Exploit',
 'vulnerability_exploited': 'OAuth vulnerability'}