Security Analyst: LinkedIn Cookies Grant Account Access to Attackers

The popular professional social-networking website LinkedIn has vulnerabilities that make users’ accounts susceptible to hackers who could break in without needing passwords, according to a security researcher who detected the flaw.

News of the vulnerability emerged only days after LinkedIn Corp went public last week. Rishi Narang, an Internet security researcher based in India, who discovered the security flaw, told Reuters on Sunday the issue is related to the way LinkedIn manages web cookies.

When a user enters a username and password to gain access to an account, LinkedIn’s system creates a cookie on the user’s computer. While many websites use cookies, the LinkedIn cookie does not expire for a year from when it was created, Narang said.

The long life of that particular cookie means that anyone who gets hold of that file can load it onto a computer and easily access the rightful user’s account for as much as a year.

Responding to the criticism, LinkedIn reduced the persistence of the cookie to three months and is also planning to support SSL across its site, The Register said.
