FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4281399359> ?p ?o ?g. }

• W4281399359 abstract "The ubiquity of user accounts in websites and online services makes account hijacking a serious security concern. Although previous research has studied various techniques through which an attacker can gain access to a victim's account, relatively little attention has been directed towards the process of account creation. The current trend towards federated authentication (e.g., Single Sign-On) adds an additional layer of complexity because many services now support both the classic approach in which the user directly sets a password, and the federated approach in which the user authenticates via an identity provider. Inspired by previous work on preemptive account hijacking [Ghasemisharif et al., USENIX SEC 2018], we show that there exists a whole class of account pre-hijacking attacks. The distinctive feature of these attacks is that the attacker performs some action before the victim creates an account, which makes it trivial for the attacker to gain access after the victim has created/recovered the account. Assuming a realistic attacker who knows only the victim's email address, we identify and discuss five different types of account pre-hijacking attacks. To ascertain the prevalence of such vulnerabilities in the wild, we analyzed 75 popular services and found that at least 35 of these were vulnerable to one or more account pre-hijacking attacks. Whilst some of these may be noticed by attentive users, others were completely undetectable from the victim's perspective. Finally, we investigated the root cause of these vulnerabilities and present a set of security requirements to prevent such vulnerabilities arising in future." @default.
• W4281399359 created "2022-05-25" @default.
• W4281399359 creator A5010807871 @default.
• W4281399359 creator A5011721286 @default.
• W4281399359 date "2022-05-20" @default.
• W4281399359 modified "2023-09-27" @default.
• W4281399359 title "Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web" @default.
• W4281399359 doi "https://doi.org/10.48550/arxiv.2205.10174" @default.
• W4281399359 hasPublicationYear "2022" @default.
• W4281399359 type Work @default.
• W4281399359 citedByCount "0" @default.
• W4281399359 crossrefType "posted-content" @default.
• W4281399359 hasAuthorship W4281399359A5010807871 @default.
• W4281399359 hasAuthorship W4281399359A5011721286 @default.
• W4281399359 hasBestOaLocation W42813993591 @default.
• W4281399359 hasConcept C108827166 @default.
• W4281399359 hasConcept C109297577 @default.
• W4281399359 hasConcept C111919701 @default.
• W4281399359 hasConcept C154945302 @default.
• W4281399359 hasConcept C177264268 @default.
• W4281399359 hasConcept C199360897 @default.
• W4281399359 hasConcept C2777212361 @default.
• W4281399359 hasConcept C38652104 @default.
• W4281399359 hasConcept C41008148 @default.
• W4281399359 hasConcept C98045186 @default.
• W4281399359 hasConceptScore W4281399359C108827166 @default.
• W4281399359 hasConceptScore W4281399359C109297577 @default.
• W4281399359 hasConceptScore W4281399359C111919701 @default.
• W4281399359 hasConceptScore W4281399359C154945302 @default.
• W4281399359 hasConceptScore W4281399359C177264268 @default.
• W4281399359 hasConceptScore W4281399359C199360897 @default.
• W4281399359 hasConceptScore W4281399359C2777212361 @default.
• W4281399359 hasConceptScore W4281399359C38652104 @default.
• W4281399359 hasConceptScore W4281399359C41008148 @default.
• W4281399359 hasConceptScore W4281399359C98045186 @default.
• W4281399359 hasLocation W42813993591 @default.
• W4281399359 hasLocation W42813993592 @default.
• W4281399359 hasOpenAccess W4281399359 @default.
• W4281399359 hasPrimaryLocation W42813993591 @default.
• W4281399359 hasRelatedWork W186464874 @default.
• W4281399359 hasRelatedWork W2236103065 @default.
• W4281399359 hasRelatedWork W256509171 @default.
• W4281399359 hasRelatedWork W2926083084 @default.
• W4281399359 hasRelatedWork W2989822291 @default.
• W4281399359 hasRelatedWork W2991390974 @default.
• W4281399359 hasRelatedWork W3049397689 @default.
• W4281399359 hasRelatedWork W3171528634 @default.
• W4281399359 hasRelatedWork W4284891686 @default.
• W4281399359 hasRelatedWork W2588870966 @default.
• W4281399359 isParatext "false" @default.
• W4281399359 isRetracted "false" @default.
• W4281399359 workType "article" @default.