
Researcher reports LinkedIn cookie vulnerability

A security researcher has warned that LinkedIn's log-in cookie has a validity of one year rather than the more standard 24 hours, according to a report.
Written by Jamie Yap, Contributor

A security researcher has warned of a vulnerability that could expose LinkedIn user accounts, Reuters reported on Monday.

The flaw relates to how the professional-networking site manages cookies stored on users' PCs after they log in to their accounts, according to Rishi Narang, who is based in New Delhi, India. Narang, who posted the security flaw on his blog, told Reuters that unlike other websites, which use cookies that typically expire within 24 hours, LinkedIn's "LEO_AUTH_TOKEN" has a validity of one year. This allows anyone who retrieves that specific file to access the user's account without needing log-in credentials.

The researcher added in the report that the problem of the one-year expiration for the cookie is "particularly acute" because LinkedIn users are not aware of this vulnerability, and that they should take measures to protect themselves.
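The lifetime gap described above can be checked from a site's own `Set-Cookie` response headers. The following is an added example, not code from the article or from LinkedIn: it computes each cookie's validity and flags authentication cookies that outlive the 24-hour figure the article cites. The header values, dates and every cookie name other than LEO_AUTH_TOKEN are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_AUTH_LIFETIME = timedelta(hours=24)  # the "more standard" validity cited in the article

def cookie_lifetime(set_cookie, received_at):
    """Return (name, lifetime) for one Set-Cookie value; lifetime is None for a session cookie."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    max_age = expires = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip()
        try:
            if key == "max-age":
                max_age = timedelta(seconds=int(value))
            elif key == "expires":
                expires = parsedate_to_datetime(value)
        except (TypeError, ValueError, OverflowError):
            continue  # unparsable attribute: skip it
    if max_age is not None:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, max(max_age, timedelta(0))
    if expires is not None:
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return name, max(expires - received_at, timedelta(0))
    return name, None

def audit(headers, received_at, auth_names):
    """List (cookie name, lifetime in days) for auth cookies valid longer than the limit."""
    findings = []
    for header in headers:
        name, lifetime = cookie_lifetime(header, received_at)
        if name in auth_names and lifetime is not None and lifetime > MAX_AUTH_LIFETIME:
            findings.append((name, lifetime.days))
    return findings

# Constructed sample data: values, dates and every name except LEO_AUTH_TOKEN are made up.
RECEIVED_AT = datetime(2011, 5, 23, 12, 0, 0, tzinfo=timezone.utc)
AUTH_COOKIES = {"LEO_AUTH_TOKEN", "short_auth"}
SAMPLE_HEADERS = [
    'LEO_AUTH_TOKEN="constructed-value"; Expires=Tue, 22 May 2012 12:00:00 GMT; Path=/',
    "short_auth=constructed; Max-Age=3600; Path=/",
    "lang=en; Max-Age=31536000",
    "visit=constructed; Path=/",
]

if __name__ == "__main__":
    for name, days in audit(SAMPLE_HEADERS, RECEIVED_AT, AUTH_COOKIES):
        print(f"{name}: valid for {days} days, limit is {MAX_AUTH_LIFETIME}")
```

A long `Expires` on a preference cookie such as the constructed `lang` entry is not flagged; only names listed as authentication cookies are held to the limit.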

For more on this ZDNet UK-selected story, see Researcher finds LinkedIn security flaw on ZDNet Asia.

