White Hat Hacker Saved Uber From Login Bypass Exploit

As it turns out, no company is safe from exploits or vulnerabilities. Not even Uber, who paid a researcher US$10,000, to not reveal his login bypass exploit. Such a vulnerability could effectively cripple the service if the information got into the wrong hands.

Uber Was Vulnerable To Dangerous Exploit

The security vulnerability would have had some nasty effects on the Uber network. Bypassing the login form would let attacks access specific “.uber.com” websites, which could affect the company’s internal network.  Nipping the potential flaws in the bud at an early stage is always the best strategy for a company.

Luckily for Uber, a white hat security researcher disclosed the bug to the company. If it had been a black hat hacker, the vulnerability would not have been reported, and there is no telling as to what would have happened. The researcher was paid a US$10,000 bounty for discovering this bug, which is the highest bounty Uber has ever paid out since launching the program earlier this year.

What this vulnerability does exactly, is letting attackers bypass the system used for Uber employee authentication. Additionally, it would have been possible to compromise the company’s internal network which is hosted on Atlassian’s Confluence software. Bypassing this login would allow an attacker to access the Uber Newsroom, which is running on WordPress.

Related Post

OneLogin is the company responsible for authenticating users on the WordPress backend. However, it is possible to enter any username or wanted role, as the plugin will create a new user if the username does not exist yet. If an attacker can guess the right role name – such as “Administrator – it is possible to create a new account and wreak all kinds of havoc.

Compromising Uber’s internal network is a more serious concern, though. Attacks would have been able to achieve remote code execution, as they can inject Javascript from the NewsRoom directly. Luckily, the company fixed all issues within 36 hours after finding out about what was going on.

Source: Threatpost

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Here’s Why Precious Metals Belong in Your Portfolio

Whether you already have a large portfolio or you’re just getting started in investing, precious…

1 hour ago

Gala Price Doubles After Town Star Nodes Announcement

Gala price is up over 93% today, making it the biggest gainer on Crypto.com, followed…

5 hours ago

Shiba Inu Price Holding Support as the FUD Continues

Shiba Inu's price continues to hold the $0.000049 support level amid FUD from major news…

6 hours ago

Top 5 Metaverse Coins With Over $1 Billion Market Cap

Following NFTs and Meme cryptocurrencies, Metaverse coins are undoubtedly the next big hype in crypto.…

9 hours ago

The Future of Eyewear is Looking Bright

The global pandemic changed many different aspects of our lives. One thing that has been…

12 hours ago

CRO Price Up 22% Amid Crypto.com’s New LA Arena

Crypto.com's CRO is up over 22% today, setting a new all time for the cryptocurrency.…

14 hours ago

This website uses cookies.