Cross Domain Policy Bug in Yahoo Mail

It has been nearly a year since Yahoo announced its bug bounty program, and the program has helped both the company and researchers. Yahoo gives priority to security and to its users' privacy. Recently Yahoo announced end-to-end encryption for its mail service (Ymail), added SSL by default, and implemented encryption between data centers.

A Canadian security researcher, Jordan Milne, found a Cross Domain Policy vulnerability in the Yahoo Mail service. A loose cross-domain policy for Flash requests on Yahoo Mail put the service at risk. By exploiting the vulnerability, an attacker could read the victim's mail and contacts and gain full control of the account.

A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains. When a client requests content hosted on a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain needs to host a cross-domain policy file that grants access to the source domain, allowing the client to continue the transaction.
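
As an added example (not from the original article or from Milne's write-up), the following Python audit flags the kinds of loose grants a cross-domain policy file can contain. The sample policy and its domains are constructed placeholders, and the finding codes are names chosen for this example; the element and attribute names are those of Adobe's cross-domain policy format.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not Yahoo's real file); domains are placeholders.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*.cdn.example.test" secure="false"/>
  <allow-access-from domain="app.example.test"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

GRANT_TAGS = ("allow-access-from", "allow-http-request-headers-from")


def audit_policy(xml_text):
    """Return (tag, value, code) tuples for grants broader than one named host."""
    # Stdlib parser keeps the example self-contained; use a hardened XML
    # parser when the policy file comes from an untrusted source.
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        if el.tag == "site-control":
            mode = el.get("permitted-cross-domain-policies", "")
            if mode == "all":
                # Any policy file anywhere on the host is honoured.
                findings.append((el.tag, mode, "ANY_POLICY_FILE"))
        elif el.tag in GRANT_TAGS:
            domain = el.get("domain", "")
            if domain == "*":
                findings.append((el.tag, domain, "ANY_ORIGIN"))
            elif domain.startswith("*."):
                # One vulnerable or user-controlled file on any subdomain
                # inherits the grant.
                findings.append((el.tag, domain, "WILDCARD_SUBDOMAIN"))
            if el.get("secure", "true").lower() == "false":
                # HTTP-served content may read data from an HTTPS host.
                findings.append((el.tag, domain, "INSECURE_ORIGIN_OK"))
            if el.get("headers") == "*":
                findings.append((el.tag, domain, "ANY_HEADER"))
    return findings


if __name__ == "__main__":
    for tag, value, code in audit_policy(SAMPLE_POLICY):
        print(f"{code:20} <{tag}> {value}")
```

A policy that names only specific hosts and keeps the default `secure="true"` produces no findings.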

According to Milne, Yahoo patched one issue related to a specific .swf file hosted on Yahoo’s content delivery network; the file contained a vulnerability that could give an attacker complete control over Yahoo Mail accounts cross-origin. Although that specific issue has been fixed by the Yahoo team, Milne thinks more vulnerabilities may still exist.

In his blog post, Milne explained the technical details of the bug and said an attacker could host a malicious .swf and entice the user, via a phishing email or watering hole attack, to visit the site in order to trigger the exploit.

“Once you have control of someone’s email, you have the keys to their digital life. You can silently trigger password resets for all of their accounts, pull the reset tokens right out of their emails, then change the recovery emails on the accounts so the victim can’t get them back,” Milne said.

For reporting the vulnerability, the Yahoo team awarded him $2,500 USD as part of their bounty program.