LinkedIn User Account Handling

Posted Jul 29, 2014
Authored by Kishor Sonawane

LinkedIn suffered from a user account handling vulnerability.

tags | exploit, csrf
SHA-256 | dd6ed709186c8feeaebc535e20b97700385afcfc7f3bff6f93e8a57396aa2011

Varutra Consulting Responsible Vulnerability Disclosure
- Vulnerability release date: November 11th, 2013
- Last revised: February 5th, 2014
- Discovered by: Kishor Sonawane, Varutra Consulting

Multiple vulnerabilities in LinkedIn User Account Handling

LinkedIn is a business-oriented social networking service. One purpose of the site is to allow registered users to maintain a list of contact details of people with whom they have some level of relationship, called Connections. Users can invite anyone (whether a site user or not) to become a connection. More details about LinkedIn can be found at http://en.wikipedia.org/wiki/LinkedIn

LinkedIn had already passed the 300 million user mark in 2014.

There are multiple security issues in LinkedIn's user account handling.

In the normal scenario, a LinkedIn user logs into his/her account and can change the existing Email address or add a new Email address. The user can then use any of these Email addresses to log into the LinkedIn account.

It was observed that the following security issues are present in LinkedIn:

a. LinkedIn adds a new Email address without any confirmation from the user.
Simply adding a new Email address makes it fully functional immediately.

This means that if an attacker manages to add an arbitrary Email Id to a victim user's LinkedIn account, no verification is required.
Also, an attacker can request a password reset link from the LinkedIn forgot password page immediately after adding the arbitrary Email Id to the victim's account and take over his/her account.

b. The user (LinkedIn account owner) cannot remove the arbitrary Email address (added by an attacker) from his own LinkedIn account.

So even if the victim comes to know that an unknown Email Id has been added to his/her account, they still cannot remove it, as LinkedIn does not process the removal request successfully and only shows a false message that the Email Id has been removed.

c. Insecure password reset module

Even after the password reset link has been used and the user has changed the password, the link remains active for 24 hours, during which the attacker can reset the password again and again. This way, once an account is compromised it cannot be secured again by the victim user.


Steps to conduct the attack:
I. The attacker uses some technique, ranging from a CSRF-like vulnerability to social engineering, to add a custom Email Id to the victim's LinkedIn account.
II. The attacker goes to the LinkedIn forgot password page and resets the victim's password by providing the newly added Email Id.
III. The attacker accesses the password reset link from the custom Email Id account and takes over the victim's LinkedIn account.
IV. The victim user, on learning that his account is compromised, will try to remove the newly added custom Email Id (the attacker's Email Id) but cannot remove it.
V. The victim user will reset his password with his own account, but the attacker will again access the same password reset link and reset the password to continue having access to the victim's LinkedIn account.

An attacker can compromise a LinkedIn user account and retain his access forever.
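As an added illustration (example code, not LinkedIn's or Varutra's), the three controls whose absence the advisory describes, shown side by side in a small Python account model: confirmed addition of a new address (a), removal that really takes effect (b), and single-use reset tokens that are revoked whenever the password changes (c). The `Account` class, `RESET_TTL` and the injectable `now` clock argument are assumptions made for the example.

```python
# Added example, not LinkedIn's code: an account model with the three controls the
# advisory finds missing: confirmed email addition (a), working removal (b), and
# single-use reset tokens revoked on password change (c).
import secrets
import time

RESET_TTL = 24 * 3600  # assumed token lifetime in seconds (the advisory's 24 h)

class Account:
    def __init__(self, primary_email, password):
        self.emails = {primary_email}   # verified addresses only
        self.password = password
        self.pending_emails = {}        # confirmation token -> unverified address
        self.reset_tokens = {}          # reset token -> expiry timestamp

    def add_email(self, address):
        # Stage the address; it is NOT usable until confirm_email() succeeds (a).
        token = secrets.token_urlsafe(32)
        self.pending_emails[token] = address  # token would be mailed to `address`
        return token

    def confirm_email(self, token):
        address = self.pending_emails.pop(token, None)
        if address is None:
            return False
        self.emails.add(address)
        return True

    def remove_email(self, address):
        # Owner-initiated removal that actually takes effect (b).
        if address not in self.emails or len(self.emails) == 1:
            return False                # never strip the last login address
        self.emails.discard(address)
        return True

    def request_password_reset(self, address, now=None):
        # Only a verified address may receive a reset link (a); `now` is an injectable clock.
        if address not in self.emails:
            return None
        token = secrets.token_urlsafe(32)
        self.reset_tokens[token] = (now if now is not None else time.time()) + RESET_TTL
        return token

    def reset_password(self, token, new_password, now=None):
        expiry = self.reset_tokens.get(token)
        if expiry is None or (now if now is not None else time.time()) > expiry:
            return False
        self.reset_tokens.clear()       # single use; revokes every outstanding link (c)
        self.password = new_password
        return True
```

With these controls, an unconfirmed address can neither log in nor receive a reset link, and a reset link that has already been used (or superseded by a later password change) is rejected.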

LinkedIn service

Resolved by LinkedIn


This vulnerability has been discovered by
Kishor (at) varutra (dot) com

November 11, 2013: Initial release
February 05, 2014: New update

The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Varutra accepts no responsibility for any damage caused by the use or misuse of this information.

Varutra Consulting is a pure play Information Security Consulting, Research and Training services firm, providing specialized security services for software, mobile application and network infrastructure.
Our Mission is to exceed client expectations, deliver quality security services in totality, covering People, Process and Technology asset of the client, with assurance of comprehensive coverage on every possible facet of information security related risk.

You can follow Varutra Consulting, news and security advisories at:
