A vulnerability that allowed any Facebook account to be hacked existed for about 10 years

Information security researcher Amol Baikar has published details of a ten-year-old vulnerability in the OAuth authorization protocol used by the social network Facebook. Exploiting this vulnerability made it possible to hack Facebook accounts.

The issue affects the "Login with Facebook" feature, which lets you sign in to various websites using a Facebook account. To exchange tokens between facebook.com and third-party resources, the OAuth 2.0 protocol is used, which has flaws that allow attackers to obtain access tokens in order to hijack user accounts. Using malicious websites, attackers could gain access not only to Facebook accounts but also to accounts on other services that support "Login with Facebook". Currently, a large number of web resources support this feature. After gaining access to the affected accounts, attackers could send messages, edit account data, and perform other actions on behalf of the owners of the hacked accounts.

According to reports, the researcher notified Facebook of the discovered problem in December of last year. The developers acknowledged the vulnerability and quickly fixed it. However, in January, Baikar found a way that allowed access to the accounts of the network's users. Facebook later fixed this vulnerability as well, and the researcher received a reward of $55.



source: 3dnews.ru
