Hackers of India

Preventing Authentication Bypass: A Tale of Two Researchers

By Ravi Jaiswal, Terry Zhang, Ron Chan on 08 Aug 2019 @ Blackhat

Abstract

“I discovered a critical security issue that lets an attacker compromise any other user’s account without any user interaction.”

Join Terry Zhang, Ron Chen, and a Microsoft Engineer for the coordinated public disclosure of a critical elevation of privilege vulnerability. This is the story of a research collision by two security researchers and the emergency response investigation that was launched as a result of their vulnerability reports. Attendees will learn the techniques used by researchers to identify the vulnerability, how companies can effectively partner with researchers throughout the disclosure process to protect customers, and what application developers can do to more securely code web applications to avoid similar flaws.