Latest News

In Pictures: iTnews Executive Retreat - Security leaders edition

US arrests Super Micro co-founder for allegedly smuggling GPUs into China

Gov to explore "future connectivity between identity exchanges"

OpenAI to buy Python toolmaker Astral

Hacker says they compromised millions of confidential police tips

LinkedIn fixes OAuth flaw

By Darren Pauli

Jul 23 2013 3:11PM

Researcher sends heads up.

LinkedIn has fixed a flaw in its website that allowed OAuth tokens to be stolen.

LinkedIn fixes OAuth flaw

British software engineer Richard Mitchell found he could steal OAuth tokens over HTTP thanks to formerly weak authentication within an interstitial page in LinkedIn's help site.

"I quickly found a request to a JavaScript file including the API key for the help system which immediately returned an OAuth token for the user," Mitchell said.

"You shouldn’t trust JavaScript or the referer header exclusively for any kind of authorisation policy."

LinkedIn fixed the flaw on 5 July two days after it was reported and sent Mitchell a t-shirt for his effort.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

linkedin oauth security

Partner Content

From Faster Coding to Accelerated Innovation Cycles: How Intelligent Orchestration Unlocks AI's Promise

Promoted Content From Faster Coding to Accelerated Innovation Cycles: How Intelligent Orchestration Unlocks AI's Promise

Context engineering emerges as ‘next battleground’ for enterprise AI

Partner Content Context engineering emerges as ‘next battleground’ for enterprise AI

Targeting Maximum Competitive Advantage for Businesses

Promoted Content Targeting Maximum Competitive Advantage for Businesses

Re(AI)magining Melbourne: Persistent accelerates Australia’s enterprise AI momentum

Promoted Content Re(AI)magining Melbourne: Persistent accelerates Australia’s enterprise AI momentum

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy

5 reasons to adopt a mobile first security strategy

Uncomplicate IT Service Delivery with AI Agents

Uncomplicate IT Service Delivery with AI Agents

Getting ahead of the tech: what’s next for Australian organisations in digital transformation

Getting ahead of the tech: what’s next for Australian organisations in digital transformation

Fintech compliance made fast and secure

Fintech compliance made fast and secure

How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

CBA builds two AI agents to boost cyber defences

CBA builds two AI agents to boost cyber defences

Researchers uncover 'Darksword' iPhone spyware

Researchers uncover 'Darksword' iPhone spyware

Stryker contains cyber attack on its Microsoft environment

Stryker contains cyber attack on its Microsoft environment

Exploited Google Chrome zero-days added to US must-patch list

Exploited Google Chrome zero-days added to US must-patch list

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories