Tuesday, September 16, 2014

Kindle security vulnerability can ‘compromise’ Amazon accounts – ZDNet


A security vulnerability exists in Amazon’s Kindle Library, which can be used to “compromise” an entire Amazon.com account, according to the researcher who found the flaw.

German researcher Benjamin Mussler published a proof-of-exploit on his blog after claiming Amazon previously fixed the flaw, but later reintroduced it. Mussler said Amazon had not responded after he submitted it for the second time, which led him to publicly disclose the flaw.

The vulnerability, known as a cross-site script (XSS), can be included in a Kindle e-book’s metadata, such as the title, which automatically executes as soon as the victim opens their Amazon Kindle Library page on Amazon.com.

“As a result, Amazon account cookies can be accessed by and transferred to the attacker and the victim’s Amazon account can be compromised,” Mussler said.
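The flaw class described above, shown from the defender's side as an added example (not code from the article, the researcher or Amazon): e-book metadata is untrusted input and has to be HTML-encoded when a library page is rendered. The OPF-style Dublin Core sample, the function names and the table-row markup are assumptions made for illustration.

```python
import html
import xml.etree.ElementTree as ET

DC = "{http://purl.org/dc/elements/1.1/}"  # Dublin Core namespace

# Constructed sample (assumption): OPF-style metadata whose title carries markup.
SAMPLE_OPF = """<package xmlns="http://www.idpf.org/2007/opf">
  <metadata xmlns:dc="http://purl.org/dc/elements/1.1/">
    <dc:title>Free Novel&lt;script&gt;alert(1)&lt;/script&gt;</dc:title>
    <dc:creator>A. Author</dc:creator>
  </metadata>
</package>"""


def read_metadata(opf_xml):
    """Return title and creator from the metadata; both are untrusted."""
    root = ET.fromstring(opf_xml)
    return {
        "title": root.findtext(f".//{DC}title", default=""),
        "creator": root.findtext(f".//{DC}creator", default=""),
    }


def render_row_unsafe(meta):
    """Flawed pattern: metadata concatenated into the page as-is."""
    return "<tr><td>" + meta["title"] + "</td><td>" + meta["creator"] + "</td></tr>"


def render_row_safe(meta):
    """Mitigation: HTML-encode every metadata field at output time."""
    title = html.escape(meta["title"], quote=True)
    creator = html.escape(meta["creator"], quote=True)
    return f"<tr><td>{title}</td><td>{creator}</td></tr>"


def fields_with_markup(meta):
    """Triage aid: names of fields that change when HTML-encoded."""
    return [name for name, value in meta.items() if html.escape(value) != value]


if __name__ == "__main__":
    meta = read_metadata(SAMPLE_OPF)
    print(render_row_unsafe(meta))   # title markup reaches the page intact
    print(render_row_safe(meta))     # title markup is rendered as inert text
    print(fields_with_markup(meta))  # fields worth flagging at upload time
```

Encoding at output time is the fix that matters here; the upload-time check only helps triage, since a title can legitimately contain characters such as `&`.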

Anyone who uses Amazon’s Kindle Library to store e-books or deliver them to a Kindle, he said, is affected by the bug.

Mussler warned that those who obtain e-books from untrustworthy sources, such as pirated copies of popular books, are at greater risk than those who buy through Amazon.com.

The researcher said he first reported the vulnerability privately to Amazon in November 2013, and it was fixed with a relatively quick turnaround. But after the retail giant rolled out a new version of the “Manage Your Kindle” web application, the bug was reintroduced.

“Amazon chose not to respond to my subsequent email detailing the issue, and two months later, the vulnerability remains unfixed,” he said.

We reached out to Amazon, but did not hear back at the time of writing.
