Gmail users should be aware of a new security vulnerability that could lead to their Facebook accounts being hacked. According to researcher Youssef Sammouda, logging into Facebook using Gmail credentials could allow a hacker to take control of the account. He says he exploited the vulnerability by hijacking Facebook accounts signed up using Gmail credentials. He exploited a vulnerability in Google’s OAuth id_token/code and used it to take control of those Facebook accounts.

Exploiting redirects in Google OAuth

The exploited redirects were connected to the Facebook logout and sandbox systems. The exploit can be used to break into users’ accounts, gaining access to their information. Facebook has paid a bug bounty of $44,625 to Sammouda for his discovery. The bug bounty is awarded for identifying security issues in Facebook’s systems.

The vulnerability is not particularly difficult to exploit. A single-line phishing email can be sent to a user’s friends who have linked their Facebook accounts. Once a user has confirmed the account’s authenticity, the phishing attack is likely to be successful. Fortunately, Facebook makes unlinking accounts easy. Users can do so from their settings in the Accounts Center or from their profiles.

The vulnerability affects two popular open-source session-authorization protocols. The problem involves both OAuth 2.0 and OpenID. Both standards allow users to log in using credentials from other websites. In some cases, the vulnerability allows attackers to disguise phishing attempts as legitimate websites. The vulnerability is widespread and has the potential to compromise millions of accounts. In addition to hijacking emails, this vulnerability also compromises Facebook’s security measures.

Exploiting Facebook vulnerabilities

The security researcher Youssef Sammouda has discovered a new way to exploit Facebook vulnerabilities by chaining Google’s OAuth authentication code with that of the social network. In a bug bounty deal, Sammouda was rewarded with $44,625 for his vulnerability disclosure. In March, Facebook patched the vulnerability, and this week it was disclosed publicly.

In a blog post, security researcher Youssef Sammouda explained a new vulnerability in Gmail that could allow a hacker to hijack Facebook accounts. This vulnerability occurs when users use their Gmail credentials to log into Facebook. This is accomplished by chaining Google’s redirection of the OAuth code to the Facebook system. By chaining these redirects together, the hacker could then take over a Facebook account.

While Facebook has patched the vulnerability, Google has not. This vulnerability may have led to the exploitation of other Facebook accounts. It is likely that the same vulnerability can be exploited on other social networking sites, as the id_token/code is used to authenticate users. This means that any account can be hijacked. As the security researcher said, the vulnerability is not limited to Facebook.

The flaw in Google’s OAuth code allows attackers to access a Facebook account. It is a part of the Open Authorization standard that lets users sign in with their existing accounts or by linking accounts from third-party sites. The researcher who discovered the vulnerability was paid $44,625 by Facebook. Since then, the vulnerability has been fixed. This exploit has been reported by Forbes.

As a result of this vulnerability, hackers can access the id and password of a user’s account. The hackers can then manipulate these passwords to gain access to their accounts. Thankfully, Facebook offers a way to remove the link between the two accounts, but it’s important to note that this method is still not secure. If you want to use Gmail for email, you should unlink your accounts from Facebook and not link them to third-party services.

Using OAuth code to log in with Gmail

In this article, we’ll explore how to prevent Facebook from showing a Security Warning to Facebook users who log in with the Gmail OAuth code. Google recommends creating an auth endpoint that conforms to its recommendations. For PHP, Ruby, and Python applications, we need to provide a valid redirect URI and follow Google’s validation rules. For testing purposes, we can use the localhost:8080 URL.
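A sketch of the redirect URI check described above, added here as an example and not taken from Google, Facebook or the researcher's write-up. The registered URIs, the helper names and the simplified rule set are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample registration (assumption): the exact URIs this client registered.
REGISTERED_REDIRECT_URIS = {
    "https://app.example.com/oauth/callback",
    "http://localhost:8080/oauth/callback",  # testing only, as in the text
}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}


def redirect_uri_problems(uri: str) -> list[str]:
    """Return the reasons a redirect URI is malformed (empty list = well-formed)."""
    try:
        parts = urlsplit(uri)
        host = parts.hostname or ""
    except ValueError:
        return ["unparseable URI"]
    problems = []
    if parts.scheme not in ("http", "https") or not host:
        problems.append("missing or unsupported scheme/host")
    if parts.scheme == "http" and host not in LOOPBACK_HOSTS:
        problems.append("plain http outside localhost")
    if parts.username or parts.password:
        problems.append("userinfo present")
    if "#" in uri:
        problems.append("fragment present")
    if "*" in uri:
        problems.append("wildcard present")
    if "/.." in parts.path or "\\" in uri:
        problems.append("path traversal")
    return problems


def is_allowed_redirect(uri: str) -> bool:
    """Accept only a well-formed URI that exactly matches a registered one.

    Exact string comparison (no prefix or pattern matching) means an extra
    path segment or query parameter cannot steer the code or id_token
    through a further redirect on the same host.
    """
    return not redirect_uri_problems(uri) and uri in REGISTERED_REDIRECT_URIS


if __name__ == "__main__":
    for candidate in sorted(REGISTERED_REDIRECT_URIS) + [
        "https://app.example.com/oauth/callback?next=https://other.example/",
        "http://app.example.com/oauth/callback",
    ]:
        print(candidate, is_allowed_redirect(candidate), redirect_uri_problems(candidate))
```
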

The latest security flaw exists with Google’s open authentication standard, which allows users to sign in with their current accounts or connect to their third-party accounts. Researchers discovered the problem by using Google’s OAuth code to hijack accounts of Facebook users. The flaw could be used to hack other accounts if they use the same Gmail credentials. Google OAuth redirects, which Facebook uses to link users’ accounts to external sites, can also be used to break Facebook accounts.

The implicit grant type is more vulnerable because the attacker can steal an access token from an innocent client application. By manually adding a scope parameter to the /userinfo endpoint, attackers can access additional user data without the user’s knowledge and approval. A better solution to avoid this situation is to register a client application with the OAuth service. This application can then make API calls to get access to user profile data.

Another common problem is that the client application doesn’t properly secure its OAuth configuration. When a user logs in with Facebook using their Gmail OAuth code, a security warning will appear. This problem can be solved by using the correct authentication and security measures. After all, the user’s OAuth password is protected by the same security standards as the website itself. This problem has been around for quite some time, and we can prevent it from happening again.

OAuth is a widely used authentication framework. It enables web applications and websites to gain access to the user’s account data without disclosing their username and password. In other cases, users may be prompted to grant third-party applications access to their email contacts, which will enable the application to recommend people to connect with. This security measure prevents the user from handing over full control of their accounts to third-party applications.

Another issue affecting OAuth is the fact that client applications implicitly assume that the OAuth provider’s information is accurate. Because some websites do not require authentication, attackers can register for an account with the same details as the target user. The attacker can then log in using the victim’s credentials to access the account. A security warning appears whenever such a scenario is detected. The best solution for avoiding such an issue is to disable Facebook’s OAuth service altogether.