
Buggy WordPress Plugin Discloses Twitter Users' Access Tokens

WordPress plugin leaks Twitter users' account access tokens
A researcher found that a popular WordPress plugin called Social Network Tab is leaking the access tokens and access token secrets of linked Twitter accounts in its source code, which can lead to a takeover of the linked Twitter account.

The bug, identified as CVE-2018-20555, was found by a French security researcher named Baptiste Robert, who goes by the Twitter handle Elliot Alderson. These access tokens allow a client to act on the account without knowing its password.
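To illustrate the bug class rather than the plugin itself, here is an added PHP example (not the Social Network Tab code) contrasting a widget that prints stored Twitter credentials into the page with a hardened version that keeps them server-side and only returns the data the front end needs. The option names, the `snt_` function names and the `snt_oauth_header()` signing helper are all assumed for the illustration.

```php
<?php
// VULNERABLE (constructed illustration of the leak described above):
// the OAuth credentials stored in wp_options are written straight into
// the HTML, so anyone who views the page source can read them.
function snt_vuln_render_tab() {
    $creds = array(
        'access_token'        => get_option('snt_twitter_access_token'),
        'access_token_secret' => get_option('snt_twitter_access_secret'),
    );
    echo '<script>var sntTwitter = ' . wp_json_encode($creds) . ';</script>';
}

// HARDENED: the browser calls a WordPress AJAX endpoint; the request to
// Twitter is signed on the server and the credentials never leave it.
add_action('wp_ajax_snt_timeline', 'snt_safe_timeline');
add_action('wp_ajax_nopriv_snt_timeline', 'snt_safe_timeline');

function snt_safe_timeline() {
    // Serve a short-lived cache so the upstream API is not hit per page view.
    $cached = get_transient('snt_timeline_cache');
    if ($cached !== false) {
        wp_send_json_success($cached);
    }

    // snt_oauth_header() is an assumed helper that builds the OAuth 1.0a
    // Authorization header from the stored token and secret, server-side.
    $resp = wp_remote_get('https://api.twitter.com/1.1/statuses/user_timeline.json?count=5', array(
        'timeout' => 10,
        'headers' => array('Authorization' => snt_oauth_header()),
    ));
    if (is_wp_error($resp) || wp_remote_retrieve_response_code($resp) !== 200) {
        wp_send_json_error('upstream error', 502);
    }

    // Return only the fields the widget renders; never echo the raw response,
    // which could carry data the page has no business exposing.
    $tweets = json_decode(wp_remote_retrieve_body($resp), true);
    $safe = array();
    foreach ((array) $tweets as $t) {
        $safe[] = array('id' => $t['id_str'], 'text' => $t['text']);
    }
    set_transient('snt_timeline_cache', $safe, 5 * MINUTE_IN_SECONDS);
    wp_send_json_success($safe);
}
```

A quick check for a site owner is to view the rendered page source of any page that shows the widget and confirm no token-like values appear in inline scripts or data attributes.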

To gauge the impact of the bug, Baptiste first used the PublicWWW source-code search site to look for the vulnerable code and found 539 affected sites. As a proof of concept he wrote a script that gathers the access tokens exposed by the affected websites.

The researcher pointed out that a couple of verified Twitter accounts were also among the affected accounts.

Baptiste reported the issue to Twitter on December 1, prompting Twitter to revoke the leaked keys to protect the affected accounts.

For this kind of issue (leaked access tokens), Twitter has already published security measures that users should follow: review which apps have been granted access to the account and revoke access for any app that is unwanted.
