Latest News

Transport for NSW lands two NBN Co data leaders

NFL-Super Bowl prepares for potential AI cyber security threat

Nvidia's Huang dismisses fears AI will replace software tools

Sydney Metro West to use private 5G network

Beyond Bank's CIO exits

LinkedIn fixes OAuth flaw

By Darren Pauli

Jul 23 2013 3:11PM

Researcher sends heads up.

LinkedIn has fixed a flaw in its website that allowed OAuth tokens to be stolen.

LinkedIn fixes OAuth flaw

British software engineer Richard Mitchell found he could steal OAuth tokens over HTTP thanks to formerly weak authentication within an interstitial page in LinkedIn's help site.

"I quickly found a request to a JavaScript file including the API key for the help system which immediately returned an OAuth token for the user," Mitchell said.

"You shouldn’t trust JavaScript or the referer header exclusively for any kind of authorisation policy."

LinkedIn fixed the flaw on 5 July two days after it was reported and sent Mitchell a t-shirt for his effort.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

linkedin oauth security

Partner Content

ctrl:cyber strengthens sovereign cyber capability with elevenM acquisition

Promoted Content ctrl:cyber strengthens sovereign cyber capability with elevenM acquisition

Local Technology Infrastructure Is Key to Australia’s Artificial Intelligence-Enabled Future

Promoted Content Local Technology Infrastructure Is Key to Australia’s Artificial Intelligence-Enabled Future

From hype to value: The AI trends set to shape 2026

Partner Content From hype to value: The AI trends set to shape 2026

Overcoming the “last mile” problem in AI adoption with Lucid Software

Promoted Content Overcoming the “last mile” problem in AI adoption with Lucid Software

Sponsored Whitepapers

Uncomplicate IT Service Delivery with AI Agents

Uncomplicate IT Service Delivery with AI Agents

Getting ahead of the tech: what’s next for Australian organisations in digital transformation

Getting ahead of the tech: what’s next for Australian organisations in digital transformation

Fintech compliance made fast and secure

Fintech compliance made fast and secure

How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

Events

Most Read Articles

Popular text editor Notepad++ was hacked to drop malware

Popular text editor Notepad++ was hacked to drop malware

NSW to overhaul state cyber emergency plan

NSW to overhaul state cyber emergency plan

'Moltbook' social media site for AI agents had big security hole

'Moltbook' social media site for AI agents had big security hole

Google busts giant IPIDEA residential proxy network

Google busts giant IPIDEA residential proxy network

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories