Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2023

OAuth security gaps at Grammarly (now remediated)

This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.

Oh-Auth - Abusing OAuth to take over millions of accounts

OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.