OAuth Exploit Allowed Researcher to Takeover Periscope TV Account

In a post on HackerOne's bug tracking platform, security researcher Ron Chan submitted a report to Twitter detailing how an attacker could take over periscope.tv accounts using a host header attack.

According to Chan, "When you login periscope.tv using twitter, and change the host header from www.periscope.tv to attacker.com/www.periscope.tv, the oauth redirect destination will be attacker.com/www.periscope.tv, thus allowing attacker to send the oauth authorize link to victim, and takeover their account after auto redirect."

Following a successful host header manipulation, an attacker would have been able to share the resulting OAuth authorization link with a victim of their choice and capture the target's credentials in the form of an OAuth authentication token delivered by the redirect.
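As an added illustration (not code from the report, Twitter or Periscope; the endpoint URL and callback path are assumed), here are the two ways a web application can construct its OAuth callback: copying the request's Host header, which is the pattern the report describes, versus deriving it from server-side configuration and merely checking the Host header against an allowlist, plus the exact-match check an authorization server should apply on its own side.

```python
from urllib.parse import urlencode

# Constructed configuration for this illustration only.
ALLOWED_HOSTS = {"www.periscope.tv", "periscope.tv"}
CANONICAL_HOST = "www.periscope.tv"
CALLBACK_PATH = "/oauth/twitter/callback"             # assumed path
OAUTH_AUTHORIZE = "https://api.twitter.com/oauth/authorize"  # assumed URL
REGISTERED_CALLBACKS = {f"https://{CANONICAL_HOST}{CALLBACK_PATH}"}


def redirect_uri_from_host_header(host_header: str) -> str:
    """Weak pattern: the request's Host header is copied into the callback.
    A forged value such as 'attacker.com/www.periscope.tv' lands verbatim in
    the URL the authorization server will redirect the victim to."""
    return f"https://{host_header}{CALLBACK_PATH}"


def host_is_allowed(host_header: str) -> bool:
    """Normalise the Host header (case, optional :port) and require an exact
    allowlist match; anything containing a path or an extra label fails."""
    host = host_header.split(":", 1)[0].strip().lower()
    return host in ALLOWED_HOSTS


def redirect_uri_hardened(host_header: str) -> str:
    """Hardened pattern: the callback comes from configuration; the Host
    header is only validated, never used to build the URL."""
    if not host_is_allowed(host_header):
        raise ValueError(f"unexpected Host header: {host_header!r}")
    return f"https://{CANONICAL_HOST}{CALLBACK_PATH}"


def build_authorize_link(host_header: str, hardened: bool) -> str:
    """Simplified authorize link carrying the callback in the query string
    (real OAuth flows pass it at an earlier step; the origin of the host is
    the point being shown)."""
    builder = redirect_uri_hardened if hardened else redirect_uri_from_host_header
    return OAUTH_AUTHORIZE + "?" + urlencode({"oauth_callback": builder(host_header)})


def authorization_server_accepts(callback: str) -> bool:
    """Exact-match check the authorization server should apply to any
    callback it is handed, independent of what the client computed."""
    return callback in REGISTERED_CALLBACKS
```

With the weak builder, a Host of `attacker.com/www.periscope.tv` yields a callback on attacker.com that a strict authorization server would still reject; the hardened builder refuses the request outright.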

It's important to mention that the attack only worked if the victim's Twitter and Periscope TV accounts were linked, with the target having authorized the Periscope TV...
