Researchers discover flaws in authorisation protocol

OAuth 2.0, an authorisation protocol in wide use for web sign-on, could enable attackers to perform man-in-the-middle attacks, according to the researchers who uncovered two vulnerabilities in it.

Security researchers at the University of Trier discovered vulnerabilities in OAuth 2.0 that could allow cyber criminals to subvert sign-on systems. The protocol is used widely by social media websites, such as Google+ and Facebook, to let users log in to third-party sites with their existing accounts.

Researchers Guido Schmitz, Ralf Küsters and Daniel Fett reported two previously unknown attacks on OAuth 2.0, each of which breaks the protocol's authentication and authorisation guarantees. The same flaws are present in the OpenID Connect standard, which is built on OAuth 2.0, and are practically exploitable. They make user credentials easier to obtain and could allow an attacker to impersonate users or access their data. In the researchers' description below, an RP (relying party) is the website the user is logging in to, and an IdP (identity provider) is the service that holds the user's account and verifies the login.

The researchers commented:

“This severe attack is caused by a logical flaw in the OAuth 2.0 protocol and depends on the presence of a malicious identity provider.

“In this attack, the attacker (running a malicious RP) learns the user’s credentials when the user logs in at an IdP that uses the wrong HTTP redirection status code.”
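The second attack quoted above turns on which HTTP redirect status code the IdP sends back after the user has POSTed the login form; the researchers' paper calls it the 307 Redirect Attack. The following is an added example, not code from the researchers or from this page: a short Python simulation of browser redirect handling as specified in RFC 7231, showing that a 307 redirect re-sends the original POST body, credentials included, to the RP's callback URL, while a 303 redirect turns the follow-up into a bodyless GET. The IdP login endpoint, the attacker-controlled RP callback URL, the username, password and authorization code are all constructed placeholders.

```python
"""Simulated browser redirect handling for the OAuth 307 redirect flaw.

Added example (not the researchers' code). Endpoints, credentials and the
authorization code below are constructed placeholders.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode


@dataclass
class Request:
    method: str
    url: str
    body: str = ""


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)


def follow_redirect(request: Request, response: Response) -> Request:
    """Build the request a browser issues after a redirect (RFC 7231 / RFC 7538).

    303        -> always a GET with no body.
    301 / 302  -> browsers in practice also rewrite POST to GET and drop the body.
    307 / 308  -> method AND body are preserved, so a POSTed login form is
                  re-POSTed to wherever Location points. This is the dangerous case.
    """
    location = response.headers["Location"]
    if response.status in (307, 308):
        return Request(request.method, location, request.body)
    if response.status in (301, 302, 303):
        return Request("GET", location)
    raise ValueError(f"not a redirect status: {response.status}")


def idp_login(status_code: int, rp_redirect_uri: str):
    """Hypothetical IdP login handler: checks the POSTed form and redirects the
    browser back to the RP with an authorization code (constant placeholder)."""
    def handle(request: Request) -> Response:
        form = parse_qs(request.body)
        if not (form.get("username") and form.get("password")):
            raise PermissionError("login form incomplete")
        params = urlencode({"code": "AUTHZ_CODE_123", "state": "xyz"})
        return Response(status_code, {"Location": f"{rp_redirect_uri}?{params}"})
    return handle


def run_flow(status_code: int):
    """Drive one login round trip and return what the RP's callback receives."""
    # Constructed sample: the user submits the IdP's login form.
    login_post = Request(
        "POST",
        "https://idp.example/login",
        urlencode({"username": "alice", "password": "hunter2"}),
    )
    # The attacker's RP registered this callback URL as its redirect_uri.
    idp = idp_login(status_code, "https://attacker-rp.example/callback")
    idp_response = idp(login_post)
    callback = follow_redirect(login_post, idp_response)
    # Whatever body arrives here is visible to the (malicious) RP operator.
    return callback.method, parse_qs(callback.body)


def credentials_leaked(status_code: int) -> bool:
    """True if the RP callback ends up holding the user's password."""
    _, received = run_flow(status_code)
    return "password" in received


if __name__ == "__main__":
    for code in (307, 303):
        method, received = run_flow(code)
        print(f"IdP redirects with {code}: RP receives {method} {received}")
```

The remedy is on the IdP side: after consuming the login form it must redirect with 303, never 307, so that the browser cannot replay the form body to the RP. Any OAuth or OpenID Connect IdP can be checked for this with a single POST to its login endpoint and a look at the status line of the response.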

Vulnerabilities like these are being found in systems across the UK by researchers and cyber security professionals, so businesses should take note and understand the risk they pose to any data they hold. It also illustrates why more cyber security jobs are available today. Businesses that have yet to fill, or at least advertise, such positions would be wise to sit up and take notice.
