{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Cybersecurity Tech Brief By HackerNoon","title":"Critical Vulnerability in Swedish BankID Exposes User Data","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/88cd07e1\"></iframe>","width":"100%","height":180,"duration":800,"description":"\n        This story was originally published on HackerNoon at: https://hackernoon.com/critical-vulnerability-in-swedish-bankid-exposes-user-data.\n             A common misconfiguration found in services integrating BankID allows attackers to take over victims' accounts by exploiting a Session Fixation bug.\n            Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity.\n            You can also check exclusive content about #bugbounty, #account-takeover, #digital-identity, #session-fixation-attack, #swedish-bankid-vulnerability, #eid-security-research, #secure-authentication, #hackernoon-top-story, and more.\n            \n            \n            This story was written by: @mastersplinter. Learn more about this writer by checking @mastersplinter's about page,\n            and for more stories, please visit hackernoon.com.\n            \n                \n                \n                When a service uses BankID to authenticate its users, it is common for it to incorrectly implement some security features of the protocol, which leaves it exposed to a Session Fixation (CWE-384) vulnerability that an attacker can use to hijack a victim’s session on that service. 
Depending on the amount of access the attacker has after exploiting this vulnerability, the severity of this security flaw ranges between High and Critical.\n        \n        ","thumbnail_url":"https://img.transistorcdn.com/SySK4I0jwuU6AzeawZdYiDqTq8yzBjxJ5qfTpUuAxEo/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9zaG93/LzQxMjY2LzE2ODM1/ODIzNTYtYXJ0d29y/ay5qcGc.webp","thumbnail_width":300,"thumbnail_height":300}