LinkedIn OAuth Unverified Email Social Login Bypass

Aleph Research Advisory

Identifier

ALEPH-2014009

Severity

High

Product

LinkedIn Website

Mitigation

LinkedIn is now patched.

Technical Details

LinkedIn supplied the account’s email addresses as part of the social login authentication process even when the user’s ownership of this email address had not been positively verified. This allowed for a social login attack as detailed in the paper.

Timeline

01-Mar-17
: Added as ALEPH-2014009.
03-Dec-14
: Public disclosure.

Credit

Or Peles (@peles_o)
Roee Hay (@roeehay) of Aleph Research, HCL Technologies

External References

paper: SpoofedMe - Intruding Account using Social Plogin Providers