
Critical CSRF vulnerability found on Glassdoor company review platform

Glassdoor, a website for job hunting and posting anonymous company reviews, has resolved a critical issue that could be exploited to take over accounts. 

Bug bounty researcher “Tabahi” (ta8ahi) found the issue, described as a site-wide cross-site request forgery (CSRF) bug deserving of a 9 – 10 severity score. 

The vulnerability impacted the Glassdoor web domain. A token, gdToken, was in use to prevent CSRF from occurring on endpoints, and at first glance, it appeared to be a secure implementation. 

However, one of Tabahi’s tests resulted in a fraudulent session request passing through the CSRF checks — a discovery made by accident, because the bug bounty hunter had missed copying the leading underscore when putting together a request attempt. 

This odd result led Tabahi to try to reproduce it. Generating CSRF tokens from account “A,” stripping the first character, and using the result as the token for account “B” proved successful.

There are two types of Glassdoor accounts: one for job seekers and one for employers — both of which use the same CSRF protection. 


The vulnerability allowed attackers to obtain a CSRF token from the firm’s server to hijack accounts from logged-in victims. This could include establishing new administrators on employer accounts, deleting information on job seekers and employers, adding fake reviews, deleting CVs, as well as posting, applying for, and deleting job listings. 

Glassdoor’s security team triaged the problem as a token length validation error, and exception handling issues were also present. According to Tabahi, “an exception was triggered with the forged tokens and they didn’t fail the response, and in turn, just logged it and allowed the operation to continue.”
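The two defects the triage describes (no token length validation, and an exception path that logs and lets the request continue) can be shown side by side. The following is an added illustration written for this article, not Glassdoor’s code; the token format, the session ids and the server secret are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import logging

# Constructed secret for this example; a real deployment keeps it in a secret store.
SECRET = b"constructed-example-secret-not-real"
MAC_LEN = hashlib.sha256().digest_size
logger = logging.getLogger("csrf")


def issue_token(session_id: str) -> str:
    """Assumed token format: urlsafe_b64(session_id + '.' + HMAC-SHA256(secret, session_id))."""
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(session_id.encode() + b"." + mac).decode()


def _parse(token: str) -> tuple[str, bytes]:
    """Decode and split a token; raises on bad base64, a missing separator or a short MAC."""
    raw = base64.urlsafe_b64decode(token)
    sid, sep, mac = raw.partition(b".")
    if not sep or len(mac) != MAC_LEN:
        raise ValueError("malformed token")
    return sid.decode(), mac


def validate_vulnerable(token: str, session_id: str) -> bool:
    """Mirrors the reported failure mode: an exception on a forged token is logged, not failed."""
    try:
        sid, mac = _parse(token)
        expected = hmac.new(SECRET, sid.encode(), hashlib.sha256).digest()
        return sid == session_id and hmac.compare_digest(mac, expected)
    except Exception as exc:
        logger.warning("csrf token check raised %s; continuing", exc)
        return True  # fail-open: the operation is allowed to proceed


def validate_fixed(token: str, session_id: str) -> bool:
    """Fail closed: check the length first, and treat any parse error as a rejection."""
    if len(token) != len(issue_token(session_id)):
        return False
    try:
        sid, mac = _parse(token)
    except Exception as exc:
        logger.warning("rejecting malformed csrf token: %s", exc)
        return False
    expected = hmac.new(SECRET, sid.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(sid.encode(), session_id.encode()) and hmac.compare_digest(mac, expected)


if __name__ == "__main__":
    stripped = issue_token("sess-A")[1:]  # account A's token with its first character removed
    print(validate_vulnerable(stripped, "sess-B"), validate_fixed(stripped, "sess-B"))  # True False
```

The detection angle is the log line itself: a CSRF validator that writes a warning and then returns success is the pattern to alert on, since the warning fires exactly when a forged token is accepted.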

The bug bounty hunter first reported their findings to Glassdoor via HackerOne in February. After a period of time to triage the bug, the vulnerability report was accepted as valid and a critical score was issued. Glassdoor patched the issue in the same month, but public disclosure was only made in December. 

Tabahi was awarded a bug bounty of $3,000 for reporting the CSRF vulnerability, including both a $2,500 financial reward from Glassdoor and a $500 bonus from HackerOne.



By ZDNet
