OAuth Flaw Exposed Millions of Airline Users to Account Takeovers
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.
Stay secure online with the latest on authentication techniques, best practices, and industry updates at the forefront of information security.
Search across headline titles and summaries.
Background for this topic.
Authentication confirms the identity of users or systems before granting access to resources, typically using factors like passwords (knowledge), hardware tokens (possession), or biometrics (inherence). It establishes trust boundaries that prevent unauthorized entities from impersonating legitimate users or devices within networks and applications.
Weak authentication enables attackers to perform account takeover, privilege escalation, or lateral movement by exploiting stolen credentials, phishing, or replay attacks. Deploying multi-factor authentication (MFA) with independent factors significantly reduces these risks. Secure credential storage, regular rotation, and monitoring authentication logs for anomalies are critical defenses to detect and block unauthorized access attempts early in the attack chain.
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.
Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals
Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. [...]
Preauthentication Deserialization Flaw Could Result in Remote Code ExecutionSoftware vendors and national security agencies are urging immediate patching of a critical SonicWall flaw days after the security device manufacturer disclosed that hackers are actively exploiting a zero-day. The flaw doesn't require user authentication.
A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]