))
This story was originally published on HackerNoon at: https://hackernoon.com/critical-vulnerability-in-swedish-bankid-exposes-user-data.
A common misconfiguration found in services integrating BankID, allows attackers to take over victim's accounts exploiting a Session Fixation bug
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #bugbounty, #account-takeover, #digital-identity, #session-fixation-attack, #swedish-bankid-vulnerability, #eid-security-research, #secure-authentication, #hackernoon-top-story, and more.
This story was written by: @mastersplinter. Learn more about this writer by checking @mastersplinter's about page, and for more stories, please visit hackernoon.com.
When a service uses BankID to authenticate their users it is common for them to incorrectly implement some security features of the protocol which leaves them exposed to a Session Fixation CWE-384 vulnerability which can be used by an attacker to hijack a victim’s session on that service. Depending on the amount of access the attacker has after exploiting this vulnerability, the severity of such security flaw ranges between High and Critical
204集单集
This story was originally published on HackerNoon at: https://hackernoon.com/critical-vulnerability-in-swedish-bankid-exposes-user-data.
A common misconfiguration found in services integrating BankID, allows attackers to take over victim's accounts exploiting a Session Fixation bug
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #bugbounty, #account-takeover, #digital-identity, #session-fixation-attack, #swedish-bankid-vulnerability, #eid-security-research, #secure-authentication, #hackernoon-top-story, and more.
This story was written by: @mastersplinter. Learn more about this writer by checking @mastersplinter's about page, and for more stories, please visit hackernoon.com.
When a service uses BankID to authenticate their users it is common for them to incorrectly implement some security features of the protocol which leaves them exposed to a Session Fixation CWE-384 vulnerability which can be used by an attacker to hijack a victim’s session on that service. Depending on the amount of access the attacker has after exploiting this vulnerability, the severity of such security flaw ranges between High and Critical
204集单集
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。
分享
