General Information

User Impersonation via Social Login Design Flaw

Variants:
Direct 

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Social Login

Invented In:
04/12/2014

Added In:
11/01/2015

Quick Introduction to the Topic:


Vector Operation Method:
A user impersonation attack that abuses flaws in the social login mechanisms trusted by the application, combined with the lack of an email verification mechanism in one of the trusted identity providers. This enables attackers to change values in dedicated spoofed social accounts in order to impersonate legitimate social users on the target application.


Direct Variant:

SpoofedMe

Also Known As:
User Impersonation via Social Login Design Flaw

Typical Severity:
Major

Resources:

White Papers:

Learn More: