Skip to main content

Handful of OAuth bugs combine for GitHub session theft

posted onFebruary 10, 2014
by l33tdawg

Chaining together five low security bugs has allowed Russian security researcher Egor Homakov to steal user sessions and increase the scope of OAuth tokens from GitHub, giving Homakov the ability to access and delete private GitHub repositories and Gists.

Detailing the process of linking the five bugs together in a blog post, Homakov called his exploit the "perfect crime".

The pairs of bugs dealt with the permitting of directory traversal used in the redirect_uri parameter sent to GitHub, and the lack of validation of the redirect_uri parameter conducted by the repository hosting service. "It was flawed: no matter what redirect_uri the Client sent to get a token, the Provider responded with valid access_token," Homakov said.

Source

Tags

OAuth Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th