Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service.
CVSS Information
N/A
Vulnerability Type
信任系统事件数据
Vulnerability Title
Twitter Kit for iOS Login with Twitter组件安全漏洞
Vulnerability Description
Twitter Kit for iOS是一套基于iOS平台的开源的用于与Twitter进行无缝交互的本地开发工具包。Login with Twitter component是其中的一个登陆组件。 基于iOS平台的Twitter Kit 3.0版本至3.2.1版本中的Login with Twitter组件存在安全漏洞。攻击者可利用该漏洞提交代替性的凭证,使推特账户与第三方服务发生关联。
CVSS Information
N/A
Vulnerability Type
N/A