OP 15 February, 2021 - 03:54 PM
(This post was last modified: 15 February, 2021 - 03:55 PM by Mastiff.)
Quote: The vulnerability could have been exploited to access any account on the site, including the Chess.com administrator account.
An IT security researcher identified a critical set of vulnerabilities in the API of chess.com, an immensely popular online chess-playing site and app. The vulnerability could have been exploited to access any account on the site. It could also be used to gain full access to the site through its admin panel.
What Happened?
Cybersecurity researcher Sam Curry spent a lot of time finding vulnerabilities in Chess.com. The researcher started with finding generic vulnerabilities and stumbled upon a reflected XSS that could be exploited to drop a backdoor to gain access to a victim’s account.
Full article on https://www.hackread.com/vulnerability-c...-accessed/