Rockstar Games: CSRF Vulnerability on https://signin.rockstargames.com/tpa/facebook/link/

2019-01-04T19:53:05
ID H1:474833
Type hackerone
Reporter netfuzzer
Modified 2020-06-12T14:01:11

Description

In this report, the researcher identified a Cross-Site Request Forgery vulnerability that could have allowed attackers to link a Facebook account to another user's Social Club account, and thus gain the ability to log in as the victim. We implemented an anti-CSRF token as part of the account-linking process in order to prevent this behavior and ensure it can no longer be exploited.
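One common way to build the kind of anti-CSRF token described above, shown as an added example that is not Rockstar's code or part of the original report: the link request carries a random, single-use token bound to the user's server-side session, and the link callback is rejected unless it returns that same token. The function names, the `session` dict, and the 10-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

STATE_TTL_SECONDS = 600  # assumed lifetime of a pending link request


def _digest(token: str) -> str:
    # Store only a hash so a leaked session store does not expose live tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def begin_link(session: dict, now: Optional[float] = None) -> str:
    """Start a link flow for the logged-in user.

    Saves a fresh random token in the user's server-side session and returns
    it so the caller can send it along with the outgoing link request.
    """
    issued = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    session["link_state"] = {"digest": _digest(token), "issued": issued}
    return token


def complete_link(session: dict, returned_token: Optional[str],
                  now: Optional[float] = None) -> bool:
    """Decide whether a link callback may attach the external account.

    Returns True only if this session started the flow, the token matches,
    and it has not expired. The pending entry is removed on every attempt,
    so a token cannot be replayed.
    """
    current = time.time() if now is None else now
    pending = session.pop("link_state", None)  # single use
    if pending is None or not returned_token:
        return False  # this session never asked to link anything
    if current - pending["issued"] > STATE_TTL_SECONDS:
        return False
    # Constant-time comparison of the stored and presented token digests.
    return hmac.compare_digest(pending["digest"], _digest(returned_token))
```

A callback triggered from another site arrives in a session that never called `begin_link`, or carries a token issued to a different session, so `complete_link` returns False and no account is linked.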