Latest News

Apple preps E2EE RCS messaging in latest iOS beta

From hype to value: The AI trends set to shape 2026

Telstra needs expanded LEOsat fleet as remote mobile outages leap

Microsoft rolls out initiative to limit data centre power costs

Identity at the Centre: Why AI Is Accelerating a New Security Imperative

LinkedIn fixes OAuth flaw

By Darren Pauli

Jul 23 2013 3:11PM

Researcher sends heads up.

LinkedIn has fixed a flaw in its website that allowed OAuth tokens to be stolen.

LinkedIn fixes OAuth flaw

British software engineer Richard Mitchell found he could steal OAuth tokens over HTTP thanks to formerly weak authentication within an interstitial page in LinkedIn's help site.

"I quickly found a request to a JavaScript file including the API key for the help system which immediately returned an OAuth token for the user," Mitchell said.

"You shouldn’t trust JavaScript or the referer header exclusively for any kind of authorisation policy."

LinkedIn fixed the flaw on 5 July two days after it was reported and sent Mitchell a t-shirt for his effort.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

linkedin oauth security

Partner Content

Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Partner Content Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Cyber Engineering launches at ctrl:cyber with former Shelde founders

Partner Content Cyber Engineering launches at ctrl:cyber with former Shelde founders

Empowering Sustainability: Schneider Electric's Commitment to Driving Customer Success

Partner Content Empowering Sustainability: Schneider Electric's Commitment to Driving Customer Success

Identity at the Centre: Why AI Is Accelerating a New Security Imperative

Partner Content Identity at the Centre: Why AI Is Accelerating a New Security Imperative

Sponsored Whitepapers

Fintech compliance made fast and secure

Fintech compliance made fast and secure

How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)

Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)

The cloud tipping point

The cloud tipping point

Events

iTnews Executive Retreat - Security Leaders Edition

Most Read Articles

Researchers detail Bluetooth headphone attack that can hijack smartphones

Researchers detail Bluetooth headphone attack that can hijack smartphones

Patients fret as ManageMyHealth data breach drama plays out

Patients fret as ManageMyHealth data breach drama plays out

Aussie teenager charged with swatting US retailers and educational institutions

Aussie teenager charged with swatting US retailers and educational institutions

Cloudflare DNS reply change crashed Cisco SME switches

Cloudflare DNS reply change crashed Cisco SME switches

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories