Source |
The Hacker News |
Identifier |
8637255 |
Publication date |
2025-01-14 22:08:00 (seen: 2025-01-14 18:07:56) |
Title |
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains |
Text |
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.
"Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to re-create email accounts for former employees," Truffle Security co-founder and CEO Dylan Ayrey said |
Rating |
★★★
|
Sent |
Yes |
Tags |
Vulnerability
|
Stories |
|
Move |
|