InfoSecBulletin Cybersecurity for mankind
“A critical vulnerability has been identified in the Google Authentication mechanism of the application. By manipulating the ID and email parameters in the authentication request, an attacker can obtain an access token for any user. This allows the attacker to take over any account without any user interaction, leading to a complete compromise of the victim’s account.”
What is the Single Sign-On (SSO):
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Using Single Sign-On (SSO) with Google Cloud is a smart choice for organizations. It improves security and makes user authentication easier. SSO centralizes authentication through a trusted Identity Provider (IdP), reducing risks. It also makes it easier for IT teams to manage user access and enforce security policies, including multi-factor authentication (MFA).
To transition smoothly to SSO, organizations should follow these steps: select a compatible IdP, configure settings, and thoroughly test the setup. SSO offers several benefits: improved security, better user experience, simplified administration, and compliance with regulatory standards.
Proof of Concept (PoC):
1-Login with Google:
2-Intercept the OAuth Request:
3-Modify the Request:
Change the id field to any ID.
NOTE In changing the ID, you can try any number because it does not verify whether this number is correct or not, but it verifies whether the ID existed before or not, so you can enter anything, for example
“id”:”1″ or “id”:”123456”…. etc
Change the email field to the victim’s email address.
4- now Gain Access to Victim’s Account:
Conclusion
This situation shows how a vulnerability can be used to take over accounts without any action from the user. It is important to fix this problem quickly to protect user data and the reputation of Example.com.
This article is first published in medium.com written by Elcapitano. He can be reach on X Elcapitano.
