InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Accounts can be "pre-hijacked" on sites that allow multiple login methods

https://forums.informaction.com/viewtopic.php?t=26678

Page 1 of 1

Accounts can be "pre-hijacked" on sites that allow multiple login methods

Posted: Tue May 24, 2022 2:23 pm
by barbaz
https://arxiv.org/pdf/2205.10174.pdf

Wow. This maybe quite bad for people who are generally account-creation-averse. Sounds like the victim can't always detect this.

Re: Accounts can be "pre-hijacked" on sites that allow multiple login methods

Posted: Tue May 24, 2022 3:31 pm
by therube
A bit easier read, bleepingcomputer, Hackers can hack your online accounts before you even register them.

---

Similar exploit was also mentioned regarding Oauth2 (& Google & Facebook specifically).

Security Warning For Facebook Users Who Login With Gmail OAuth Code
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited