The popular professional social-networking website LinkedIn has vulnerabilities that make users’ accounts susceptible to hackers who could break in without needing passwords, according to a security researcher who detected the flaw.
News of the vulnerability emerged only days after LinkedIn Corp went public last week. Rishi Narang, an Internet security researcher based in India, who discovered the security flaw, told Reuters on Sunday the issue is related to the way LinkedIn manages web cookies.
The long life of that particular cookie means that anyone who gets hold of that file can load it onto a computer and easily access the rightful user’s account for as much as a year.
Responding to the criticism, LinkedIn reduced the persistence of the cookie to three months and is also planning to support SSL across its site, The Register said.
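The two weaknesses reported above, a cookie that stays valid for months and a site not yet served entirely over SSL, can be audited from a site's `Set-Cookie` response headers. The following is an added example, not code from the article, the researcher or LinkedIn; the cookie name `auth_token`, the sample headers and the one-day lifetime policy are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_DAYS = 1.0  # assumed policy for an authentication cookie, not from the article

def parse_set_cookie(header):
    """Return (cookie name, {lower-cased attribute: value}) for one Set-Cookie value."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        if key:
            attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs

def lifetime_days(attrs, now):
    """Days until expiry; Max-Age takes precedence over Expires. None = session cookie."""
    try:
        return int(attrs["max-age"]) / 86400
    except (KeyError, ValueError):
        pass  # absent or malformed Max-Age: fall back to Expires
    try:
        expires = parsedate_to_datetime(attrs["expires"])
    except (KeyError, TypeError, ValueError):
        return None
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    return (expires - now).total_seconds() / 86400

def audit(header, now=None):
    """Flag a cookie that outlives MAX_DAYS or that may travel over plain HTTP."""
    now = now or datetime.now(timezone.utc)
    name, attrs = parse_set_cookie(header)
    days = lifetime_days(attrs, now)
    findings = []
    if days is not None and days > MAX_DAYS:
        findings.append("long-lived")   # a copied cookie stays usable this long
    if "secure" not in attrs:
        findings.append("no-secure")    # browser will also send it without SSL
    return name, days, findings

# Constructed headers mirroring the lifetimes in the article (one year, three months).
SAMPLES = [
    "auth_token=abc123; Max-Age=31536000; Path=/",
    "auth_token=abc123; Max-Age=7776000; Path=/; Secure",
    "auth_token=abc123; Path=/; Secure",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

A three-month cookie still trips the lifetime check; only the session cookie marked `Secure` passes both.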