1k
200
3k942
))
This story was originally published on HackerNoon at: https://hackernoon.com/critical-vulnerability-in-swedish-bankid-exposes-user-data.
A common misconfiguration found in services integrating BankID, allows attackers to take over victim's accounts exploiting a Session Fixation bug
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #bugbounty, #account-takeover, #digital-identity, #session-fixation-attack, #swedish-bankid-vulnerability, #eid-security-research, #secure-authentication, #hackernoon-top-story, and more.
This story was written by: @mastersplinter. Learn more about this writer by checking @mastersplinter's about page, and for more stories, please visit hackernoon.com.
When a service uses BankID to authenticate their users it is common for them to incorrectly implement some security features of the protocol which leaves them exposed to a Session Fixation CWE-384 vulnerability which can be used by an attacker to hijack a victim’s session on that service. Depending on the amount of access the attacker has after exploiting this vulnerability, the severity of such security flaw ranges between High and Critical
222 قسمت
This story was originally published on HackerNoon at: https://hackernoon.com/critical-vulnerability-in-swedish-bankid-exposes-user-data.
A common misconfiguration found in services integrating BankID, allows attackers to take over victim's accounts exploiting a Session Fixation bug
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #bugbounty, #account-takeover, #digital-identity, #session-fixation-attack, #swedish-bankid-vulnerability, #eid-security-research, #secure-authentication, #hackernoon-top-story, and more.
This story was written by: @mastersplinter. Learn more about this writer by checking @mastersplinter's about page, and for more stories, please visit hackernoon.com.
When a service uses BankID to authenticate their users it is common for them to incorrectly implement some security features of the protocol which leaves them exposed to a Session Fixation CWE-384 vulnerability which can be used by an attacker to hijack a victim’s session on that service. Depending on the amount of access the attacker has after exploiting this vulnerability, the severity of such security flaw ranges between High and Critical
222 قسمت
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
1k200
3k942
اشتراک گذاری
