Severe vulnerability in iGoogle Facebook-gagdet

Frank Goossens' Twitterless twaddle

Severe vulnerability in iGoogle Facebook-gagdet

I by chance discovered a severe security vulnerability in iGoogle’s Facebook-gadget (more than 1 million users!), which allows an attacker to log into an other user’s Facebook account, bypassing authentication.

I contacted the author and the Google security team and they confirmed there appears to be a problem which they’ll look into. While they do so, I would strongly advise everyone not to use the iGoogle Facebook gadget. Once the hole is closed, I’ll provide more info on how this could be exploited.

Share this:

Possibly related twitterless twaddle:

Why I dislike Facebook’s Like widgets
Facebook drops iphone in favor of touch
Browserless twaddle; Facebook plugin for Pidgin
5 reasons why the NMBS should have an API
Facebook voor lamzakken (en het gevaar van twitterish)

Written by frank

July 27th, 2010 at 11:11 pm

Posted in Internet,lang:en,security

Tagged with facebook, gadget, igoogle

futtta's blog

Severe vulnerability in iGoogle Facebook-gagdet

Leave a Reply

futtta in english

timeless info

you said, she said

recent blogposts

me and my cloud

mijn dochterken blogt

Copyleft