Booking.com account takeover flaw shows possible pitfalls in OAuth implementations
Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. The attack combined three separate issues that on their own could be categorized as low risk and could be introduced by many developers into their implementations. “For the OAuth issues we found, had a bad actor…
Read More
