Researchers discovered an exploit in the authentication code of Google's free email service, linked with Facebook's logout flow, that could endanger sensitive information and affect millions of users worldwide.
The Google OAuth (Open Authorization) redirects are connected to Facebook's logout flow and also to Facebook's sandbox systems. Because the flaw involves Facebook, accounts that were linked to Facebook when signing up for Gmail could be affected by this security problem.
OAuth enables individuals to connect their accounts to third-party websites. In this context, the same username and password are shared with the connected apps.
Facebook uses an extra security mechanism called "Checkpoint" to make sure that any user who logs in is who they claim to be. In some cases, Checkpoint presents those users with a CAPTCHA challenge to limit the number of login attempts.
Facebook uses Google's CAPTCHA and, as an extra security measure, places the CAPTCHA inside an iFrame. The iFrame is hosted on a sandboxed domain (fbsbx.com) to avoid loading third-party code from Google into the main domain. An iFrame is a piece of HTML that allows developers to embed another HTML page within their website.
The URL for the iFrame includes the link to the checkpoint as a parameter. The attacker can replace the referrer part of the URL by changing it into a next parameter. This allows the attacker to send the URL, including the login parameters, to the sandbox domain, which could lead to an XSS attack.
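The weak point described above is a redirect-style `next` parameter that a page trusts without checking where it points. As an added example (not Facebook's, Google's, or the researcher's code), the following Python validator shows the defender-side check such a parameter needs: a `next` value is accepted only if it is a same-site path, or an https URL on one allow-listed host, under an allow-listed path, and anything else (another origin, a protocol-relative `//host` URL, a `javascript:` scheme, a double-encoded escape, or a `..` traversal) falls back to a fixed default. The host, path prefix, and sample query strings are constructed placeholders; the article does not name the real endpoints.

```python
from posixpath import normpath
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed placeholders: the real sandbox/checkpoint hosts are not given in the article.
ALLOWED_HOST = "www.example-social.com"
ALLOWED_PATH_PREFIXES = ("/checkpoint",)
DEFAULT_NEXT = "/checkpoint/"


def is_safe_next(value: str) -> bool:
    """Accept a ``next`` value only if it is a same-site path, or an https URL on
    ALLOWED_HOST, and in either case resolves under an allowed path prefix."""
    if not value:
        return False
    # Decode once more so a double-encoded "%252F%252F" cannot slip past the "//" test.
    candidate = unquote(value)
    # Browsers are lenient about backslashes and control characters; refuse them outright.
    if "\\" in candidate or any(ord(ch) < 0x21 for ch in candidate):
        return False
    # A protocol-relative URL ("//evil.example/...") is an absolute URL to the browser.
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: must be https on the allowed host, with no userinfo or odd port.
        if parts.scheme.lower() != "https":
            return False  # javascript:, data:, http:, ...
        if parts.username is not None:
            return False  # "https://trusted@attacker.example/" style confusion
        try:
            if parts.port not in (None, 443):
                return False
        except ValueError:
            return False  # malformed port
        if (parts.hostname or "").lower() != ALLOWED_HOST:
            return False
    # Normalise "." and ".." so "/checkpoint/../settings" is judged as "/settings".
    path = normpath(parts.path or "/")
    return path.startswith("/") and any(
        path == prefix or path.startswith(prefix + "/") for prefix in ALLOWED_PATH_PREFIXES
    )


def resolve_next(query_string: str) -> str:
    """Pull ``next`` out of an iFrame query string and return a vetted redirect
    target, falling back to DEFAULT_NEXT when the value is missing or unsafe."""
    params = parse_qs(query_string, keep_blank_values=True)
    value = params.get("next", [""])[0]
    return value if is_safe_next(value) else DEFAULT_NEXT


if __name__ == "__main__":
    # Constructed sample query strings, as they might arrive on the sandboxed iFrame URL.
    samples = [
        "next=%2Fcheckpoint%2Fstep2",                                  # legitimate relative target
        "next=https%3A%2F%2Fwww.example-social.com%2Fcheckpoint%2F",  # legitimate absolute target
        "next=%2F%2Fattacker.example%2Fcheckpoint%2F",                 # protocol-relative escape
        "next=javascript%3Aalert(1)",                                  # script scheme
        "next=%252F%252Fattacker.example%2F",                          # double-encoded escape
        "next=%2Fcheckpoint%2F..%2Fsettings",                          # path traversal out of prefix
    ]
    for q in samples:
        print(f"{q!r:62} -> {resolve_next(q)}")
```

The check is deliberately an allow-list: rather than trying to enumerate every way a browser might interpret an odd string as a foreign origin, it only lets through values it can positively identify as staying on the intended host and path, and everything else lands on the fixed default.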
The impact of this exploit could be far more concerning. He cited that Facebook granted the researcher a "bug bounty" of $44,625 for this finding.
Youssef Sammouda is the security researcher who worked on this finding.