More

    Grammarly Successfully Addresses Sign-In Vulnerabilities Following Alert from Cyber Researchers

    Grammarly Addresses Security Flaws

    Grammarly, the widely used typing assistant, recently announced a fix for vulnerabilities in user logins. These security issues impacted the social sign-in feature, letting users sign in through platforms like Facebook or Google.

    Origin of the Vulnerability

    Problems in implementing the Open Authentication (OAuth) protocol caused these vulnerabilities. Salt Security, a security firm, discovered these flaws. They also found similar vulnerabilities in other products, including the Indonesian video streaming app Vidio.

    Grammarly’s Swift Action

    After receiving a notification from Salt Security, Grammarly’s engineering team quickly resolved the issues. Their prompt action ensured user safety and data security. They confirmed that these vulnerabilities didn’t compromise any Grammarly accounts. To maintain transparency, Grammarly has shown appreciation for third-party experts and promotes its bug bounty program.

    Details on the Flaw

    Salt Security released an in-depth report on the OAuth protocol flaws. Their research showed that Grammarly and Vidio didn’t verify the access token adequately. This oversight allowed Salt Labs researchers to use tokens from other sites and access user accounts illegally. Experts call this technique a “Pass-The-Token Attack.”

    Insights from Salt Security

    Yaniv Balmas, Salt Security’s vice president of research, stated that the core design of OAuth remains robust. However, the way different parties implement it introduces vulnerabilities. He stressed that proper awareness and knowledge play crucial roles in the secure implementation of social logins.

    Previous Discoveries and Expert Opinions

    Earlier this year, Salt Security reported similar issues with Booking.com. Aubrey Perin, from Qualys suggests companies opt for single sign-on (SSO) solutions over social sign-ins. They offer better control and auditing features. While some experts appreciate OAuth’s advantages, others highlight its appeal to attackers. They emphasize the critical role of identity and authentication in protecting data, especially when vulnerabilities could lead to full account takeovers.

    Conclusion

    Grammarly’s prompt response and its collaboration with security researchers set a precedent. It highlights the importance of addressing security issues promptly and effectively.

    Latest articles

    Related articles