Microsoft patches gaping security hole in Yammer
At the end of July, Microsoft plugged a gaping hole in its enterprise social networking tool, Yammer.
As reported on ZDNet, Yammer (acquired by Microsoft in late 2012) relies on the popular OAuth 2.0 authentication scheme. However, an error in Yammer's implementation of OAuth allowed a security researcher at Vulnerability Laboratory to find critical information with simple Google searches and use that information to log in as another user.
The researcher, Ateeq Khan, notified Microsoft of the hole on July 10, and the fix was applied on July 31. Yammer users do not need to take any further corrective action.
ZDNet's John Fontana points out that Facebook has suffered from a similar flaw in its OAuth implementation.