User Impersonation via Social Login Design Flaw
Variants: Direct
Vector Type: Attack
Relevance: Generic
Layer: Application-Level
Platforms: Any
Target Type: Web Application
Affected Mechanisms: Social Login
Invented In: 04/12/2014
Added In: 11/01/2015
Quick Introduction to the Topic:
Vector Operation Method:
A user impersonation attack that abuses flaws in the social login mechanisms trusted by the application, combined with the lack of an email verification mechanism in one of the trusted identity providers. Together these enable attackers to change values in dedicated spoofed social accounts and impersonate legitimate social users on the target application.
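
The account-resolution logic behind this flaw, shown in its flawed form beside a hardened one. This is an added example, not code from the original entry. The provider names, account ids, the `email_verified` flag and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Assertion:
    """Identity data the application receives after a social login (constructed model)."""
    provider: str         # identity provider that signed the user in
    subject: str          # provider's stable, unique id for the social account
    email: str            # email value stored on the social account
    email_verified: bool  # provider's claim that it confirmed ownership of the email

# Constructed sample data: one local account and its linked social identity.
ACCOUNTS_BY_EMAIL = {"alice@example.com": "acct-alice"}
LINKED_IDENTITIES = {("provider-a", "a-1001"): "acct-alice"}
# Assumption: providers the application has confirmed actually verify email ownership.
VERIFYING_PROVIDERS = {"provider-a"}

def resolve_by_email(a: Assertion) -> Optional[str]:
    """Flawed design: the email value from any trusted provider selects the account."""
    return ACCOUNTS_BY_EMAIL.get(a.email.lower())

def resolve_hardened(a: Assertion) -> Optional[str]:
    """Match on (provider, subject); fall back to email only when it is verified."""
    linked = LINKED_IDENTITIES.get((a.provider, a.subject))
    if linked is not None:
        return linked
    if a.provider in VERIFYING_PROVIDERS and a.email_verified:
        return ACCOUNTS_BY_EMAIL.get(a.email.lower())
    return None  # unverified email: no match until the user proves ownership

# Constructed inputs: the legitimate user, and a social account on a provider
# without email verification whose email field was set to the same address.
LEGITIMATE = Assertion("provider-a", "a-1001", "alice@example.com", True)
SPOOFED = Assertion("provider-b", "b-7777", "alice@example.com", False)

if __name__ == "__main__":
    for name, a in (("legitimate", LEGITIMATE), ("spoofed", SPOOFED)):
        print(name, "by_email:", resolve_by_email(a), "hardened:", resolve_hardened(a))
```

The hardened resolver ignores a provider's own `email_verified` claim unless that provider is on the application's allowlist, so a provider that asserts verification without performing it still cannot select an existing account.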