Critical Flaws Enabled Takeover of Accounts

Critical Flaws Enabled Takeover of Accounts

Recently, security researchers discovered that the online travel agency was susceptible to critical vulnerabilities that could have been exploited to seize complete control of a user’s account.

Early in December 2022, API security company Salt Security discovered the problems and notified of them. In the ensuing weeks, patches were released, and Salt Security provided technical information.

OAuth, the authorization standard used by many online services to enable users to sign in with their Google or Facebook accounts, was the focus of the vulnerabilities discovered by Salt Security researchers in’s implementation. The flaws at were brought on by the Facebook OAuth integration.

Read More: Critical Vulnerabilities Allowed Account Takeover

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.