MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos

Security flaws could have had LEGO users bricking it

Thursday December 15, 2022. 02:52 PM , from BetaNews
Research from Salt Labs has highlighted two API security vulnerabilities discovered within BrickLink, a digital resale platform owned by The LEGO Group. BrickLink is the world's largest online marketplace to buy and sell second-hand LEGO. The API security flaws could have allowed for both large-scale account takeover (ATO) attacks on customers' accounts and server compromise to allow bad actors to take control of accounts and steal personal details. Salt Labs researchers discovered the vulnerabilities by examining areas of the site that support user input fields. In the 'Find Username' dialog box of the coupon search functionality, researchers found a cross-site… [Continue Reading]
News copyright owned by their original publishers | Copyright © 2004 - 2023 Zicos / 440Network
Current Date
Sep, Tue 26 - 17:09 CEST