Booking.com’s OAuth Implementation Allows Full Account Takeover

Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users logged in to their accounts with Facebook.

This article has been indexed from Dark Reading
