Uber recently patched an authentication bypass vulnerability in its custom single sign-on solution that would have allowed attackers to steal session tokens, fully take over Uber subdomains, and hijack accounts to steal victim data hosted on Uber systems.
The vulnerability was spotted by independent researcher Arne Swinnen earlier this month, according to a recent blog post. An attacker could exploit the flaw without any prior knowledge of the victim or their credentials; the victim would only need to be lured to a website under the attacker's control while authenticated to an Uber subdomain.
Swinnen first submitted a bug report to Uber on July 4 and was initially awarded $500; after he explained the full extent of the flaw, he was eventually awarded an additional $4,500.
The full proof of concept of the attack was disclosed Monday after Swinnen confirmed the issue had been resolved.