asd
HomeTakeoverAccount TakeoverMeta Bug Bounty: Oculus Account Takeover Vulnerability Discovered

Meta Bug Bounty: Oculus Account Takeover Vulnerability Discovered

Facebook Oculus Account Takeover Due to Access Token Theft by Exploiting Open Redirect Vulnerability

Oculus Account Takeover – A critical security vulnerability was discovered by bug hunter Youssef Sammouda on January 19, 2023, which potentially allowed malicious actors to steal access tokens and gain unauthorized access to Facebook and Oculus accounts. The vulnerability stemmed from the Oculus application’s use of a redirect URI, auth.oculus.com/login/, which was previously a valid endpoint for logging in to Oculus using Facebook accounts.

However, after Oculus switched to using Meta Accounts for login, the endpoint would redirect to auth.meta.com/oidc/ for login and then back to auth.oculus.com. This change removed a crucial protection against token leakage, making it possible for an attacker to steal the access token and use it to access the victim’s Facebook and Oculus accounts.

The bug hunter explained that the vulnerability was relatively simple to exploit. The attack involved tricking the victim into logging into their Meta account through a login CSRF, then redirecting them to a malicious URL that would steal the access token. The token would then be leaked to a third-party application, potentially allowing the attacker to gain full access to the victim’s accounts.

The bug hunter reported the vulnerability to Meta on August 27, 2022, and it was acknowledged and fixed on September 25, 2022. Meta awarded the bug hunter a bounty of $44250 for discovering and reporting the critical vulnerability Oculus Account Takeover.

This incident highlights the importance of prioritizing security and performing thorough testing when implementing changes to authentication systems. Meta’s prompt response and acknowledgement of the vulnerability demonstrate their commitment to protecting user accounts and ensuring the security of their platforms.

–Meta bug bounty program

 

Link to read full write up: https://ysamm.com/?p=777

Save the PDF here

 

Christin
Christinhttps://secry.me/explore
A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

11 + 16 =

Most Popular

GOOGLE ADVERTISEMENT

- Advertisement -