Rockstar Games: Account Takeover using Linked Accounts due to lack of CSRF protection

ID H1:463330
Type hackerone
Reporter rafiem
Modified 2019-02-20T14:12:59


In this report, the researcher found a weakness in our third-party account linking process. They were able to create a malicious link that, if clicked by the victim, would under certain conditions give the attacker access to the victim's Social Club account. This issue has now been fixed.