Fixed a vulnerability with signed requests #57

merged 1 commit into from Jan 15, 2013



See the next scenario.

1) Alice is logged into Facebook
2) Alice visits (our PHP SDK example endpoint). The SDK will write her signed_request, user_id, and access_token to a session cookie.
3) Alice is then tricked into visiting {Bob's signed request}. The SDK will then set the user_id to Bob, while keeping Alice's access_token in persistent storage.
4) If has another endpoint that authenticates based on getUser(), Bob now has access to data returned by Alice's access_token.

This fixes it.
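The scenario above in miniature, as an added example that is not the SDK's own code: a Python model of the signed_request format (base64url signature dot base64url JSON payload, HMAC-SHA256 over the encoded payload) and of a getUser()-style session update. The app secret, user ids and session contents are constructed; `fixed=False` reproduces the flaw, `fixed=True` drops all persistent data for the previous user when the user_id in a valid signed request changes.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

APP_SECRET = b"constructed-app-secret"  # constructed value, not a real secret


def b64url_decode(s: str) -> bytes:
    # signed_request strips '=' padding; restore it before decoding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_signed_request(payload: dict, secret: bytes = APP_SECRET) -> str:
    """Build a signed_request the way the platform does: sig.payload, both base64url."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=")
    digest = hmac.new(secret, body, hashlib.sha256).digest()
    sig = base64.urlsafe_b64encode(digest).rstrip(b"=")
    return (sig + b"." + body).decode()


def parse_signed_request(sr: str, secret: bytes = APP_SECRET) -> Optional[dict]:
    """Verify the HMAC-SHA256 signature and return the payload, or None if invalid."""
    if "." not in sr:
        return None
    sig_b64, body_b64 = sr.split(".", 1)
    expected = hmac.new(secret, body_b64.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        return None
    data = json.loads(b64url_decode(body_b64))
    if str(data.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None
    return data


def get_user(session: dict, sr: str, fixed: bool) -> Optional[str]:
    """Model of getUser(): `session` is the per-browser persistent store (cookie/session)."""
    data = parse_signed_request(sr)
    if data is None or "user_id" not in data:
        return session.get("user_id")
    uid = data["user_id"]
    if fixed and uid != session.get("user_id"):
        # A valid signed request for a different user must not inherit the
        # previous user's access_token: clear everything stored for them.
        session.clear()
    session["user_id"] = uid
    return uid
```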

@oyvindkinsey oyvindkinsey merged commit bf99924 into facebookarchive:master Jan 15, 2013
@kilotaras kilotaras deleted the unknown repository branch Jan 15, 2013
@niallkennedy niallkennedy referenced this pull request in facebookarchive/wordpress Jan 29, 2013

fix a vulnerability with signed requests. facebook-php-sdk #57 #375
