![]() ![]() Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured the attacker." By discovering a vulnerability found in some of Epic Games' sub-domains, an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker. ![]() "Our team's research relied on a sophisticated and sinister method, that did not require the user to hand over any login details whatsoever. However, once clicked, the authentication token could be grabbed without users even signing in with their credentials. Malicious links could be crafted that appeared safe since the URLs seemed to come from Epic Games' domains. This oversight opened up the opportunity for phishing attacks. It started with Check Point finding two Epic subdomains that allowed redirects. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |