Authentication bypass on Uber’s Single Sign-On via subdomain takeover

TL;DR: Uber was vulnerable to subdomain takeover on saostatic.uber.com via Amazon CloudFront CDN. Moreover, Uber’s recently deployed Single Sign-On (SSO) system at auth.uber.com, which is based on shared cookies between all *.uber.com subdomains, was found vulnerable to session cookie theft…

