Samsung has fixed a vulnerability on at least one of its Samsung.com sites that allowed attackers to take over the account of a target by creating a lookalike user name. The vulnerability, reported by security researcher Matthew Bryant (who goes by the hacker name "mandatory"), made it possible for someone to create a username using an intended victim’s e-mail address with added trailing spaces. While this created a separate account, the attacker would then be authenticated as the targeted user when going to other subdomains within Samsung.com.
The bug, caused by the way Samsung’s Web applications pruned (or “scrubbed”) extra trailing characters off of account e-mail addresses, affected all of Samsung.com’s subdomains. But according to Bryant, Samsung has now fixed the problem on its e-commerce site—the one with the most sensitive user data.
“If your username was originally ‘[email protected]<SPACE><SPACE>,’” Bryant wrote in a blog post today, “after visiting http://shop.us.samsung.com/ it would be scrubbed to ‘[email protected]’.” While the webpage for creating new accounts prevents adding trailing spaces to user names through form validation, the spaces can be added using an HTTP intercept tool such as the Tamper Data Firefox add-on.
Read 1 remaining paragraphs | Comments