Accounts can be "pre-hijacked" on sites that allow multiple login methods

Talk about internet security, computer security, personal security, your social security number...
Post Reply
barbaz
Senior Member
Posts: 10349
Joined: Sat Aug 03, 2013 5:45 pm

Accounts can be "pre-hijacked" on sites that allow multiple login methods

Post by barbaz » Tue May 24, 2022 2:23 pm

https://arxiv.org/pdf/2205.10174.pdf

Wow. This maybe quite bad for people who are generally account-creation-averse. Sounds like the victim can't always detect this.
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
therube
Ambassador
Posts: 7792
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Accounts can be "pre-hijacked" on sites that allow multiple login methods

Post by therube » Tue May 24, 2022 3:31 pm

A bit easier read, bleepingcomputer, Hackers can hack your online accounts before you even register them.

---

Similar exploit was also mentioned regarding Oauth2 (& Google & Facebook specifically).

Security Warning For Facebook Users Who Login With Gmail OAuth Code
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0 SeaMonkey/2.53.13

Post Reply