The Shopify Breach: Why Authz Exploits Slip by Most Security Defenses
What Happened As part of a bug bounty, the security researcher Uzsunny found a critical vulnerability on the Shopify platform. The vulnerability allowed the attacker to assign himself as a “collaborator” to any store on Shopify without approval from the store’s manager. Collaborators have full access to perform any action on the store, including reading […]
The post The Shopify Breach: Why Authz Exploits Slip by Most Security Defenses appeared first on DevOps.com.
Source: DevOps.com