4 matches found
Authentication flaw
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter"...
CVE-2017-0911
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the...
CVE-2017-0911
CVE-2017-0911 affects Twitter Kit for iOS 3.0–3.2.1. The issue is a callback verification flaw in the Login with Twitter flow: the final response is sent back via the registered custom URL scheme without authenticating the response, enabling forgery and potential association of a Twitter account ...
CVE-2017-0911
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the...