This week, we have the recent API fix involving group membership at Facebook, a case study of a BOLA vulnerability leaking users' credit coupons, a handy add-on for Burp Suite, plus an interview with a security expert on API security.
Vulnerability: Facebook
The Facebook API was leaking information on users' memberships in private groups. Muhammad Sholikhin found that he could verify whether someone was a member of a private Facebook group, as long as the attacker and the victim were connected (friends) on Facebook. Membership information on private Facebook groups is not supposed to be visible to anyone outside the group.
Source: https://dzone.com/articles/api-security-weekly-issue-146