Vulnerabilities in TikTok Allowed One-Click Account Hacking

The developers of the Chinese application TikTok have patched two vulnerabilities whose exploitation could have allowed attackers to take control of user accounts with a single click.


German security researcher Muhammad Taskiran discovered a reflected cross-site scripting (XSS) vulnerability in a TikTok URL parameter that reflected its value into the page without proper sanitization. The problem could also lead to data leakage while fuzzing the tiktok.com and m.tiktok.com domains.


The researcher also found that a TikTok API endpoint was vulnerable to cross-site request forgery (CSRF), which allowed changing the passwords of user accounts that had been registered through third-party applications.


“I combined both vulnerabilities by creating a simple JavaScript payload that triggers CSRF, which I previously pasted into the vulnerable URL parameter to achieve one-click account hijacking,” Taskiran explained.
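The chain described above relies on two separate server-side weaknesses: a URL parameter reflected into HTML without escaping, and a state-changing endpoint that accepts requests without proof of same-origin intent. The following added example (not TikTok's code; the endpoint, parameter names and request layout are assumptions) models the two checks that break such a chain: context-aware escaping of the reflected value, and an Origin check plus a session-bound anti-CSRF token on the password-change handler.

```python
# Added example, not code from TikTok: a minimal model of the two server-side
# checks that break an XSS-to-CSRF account-takeover chain. The origin, the
# request dict layout and the field names are assumptions for illustration.
import hashlib
import hmac
import html
import secrets

SITE_ORIGIN = "https://example-site.test"  # assumed first-party origin
_SERVER_KEY = secrets.token_bytes(32)      # per-process key for CSRF tokens


def render_search_page(query: str) -> str:
    """Reflect a URL parameter into HTML safely.

    The vulnerable pattern is concatenating the raw parameter into the page
    (reflected XSS); the fix is escaping every reflected value for its
    output context, here HTML text.
    """
    safe = html.escape(query, quote=True)
    return f"<p>Results for: {safe}</p>"


def issue_csrf_token(session_id: str) -> str:
    """Derive a CSRF token bound to the session. A page on another origin
    cannot read the session cookie and so cannot compute this value."""
    return hmac.new(_SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_password_change(request: dict) -> tuple[int, str]:
    """Accept a password change only with proof of same-origin intent.

    `request` is a constructed dict: method, origin (Origin header or None),
    session_id, form (dict of submitted fields). A cross-site forgery fails
    the Origin check and cannot present a valid session-bound token.
    Note: a CSRF token does not stop script already running on the same
    origin, which is why the reflected-XSS fix above is required as well.
    """
    if request.get("method") != "POST":
        return 405, "method not allowed"
    if request.get("origin") != SITE_ORIGIN:   # fail closed when absent
        return 403, "bad origin"
    expected = issue_csrf_token(request["session_id"])
    supplied = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid csrf token"
    return 200, "password updated"
```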


Taskiran reported the account-takeover vulnerabilities to TikTok on August 26, and the company fixed the issues on September 18.
