INTERNATIONAL: IT & WEB : Indian Researcher Anand Prakash Spots Security Flaw in LinkedIn

A security flaw was discovered in LinkedIn application by an Indian researcher that allowed attackers to delete posts from individual and company’s profile.

An Indian security researcher identified a bug in LinkedIn that allows attackers to delete posts on individual and company profiles.

The bug could be exploited to remove important content, which may impact flow of information on the platform.

The bug was found to exist in an insecure direct object reference in LinkedIn’s direct post request and existed due to lack of proper authorisation checks on the deleted post API request on the mobile website.

When notified, LinkedIn investigated the bug and implemented a patch for the security bug. The company awarded Indian security researcher Anand Prakash a bounty of $10,000 for responsibly disclosing the issue.

LinkedIn is a social networking site for the business community and is one of the largest global platforms for job seekers, employers, and recruiters.

source/content: thehindu.com (headline edited)