Petition update: Help Humanity Abandon Vanity-Driven Metrics and Embrace Meaningful Measures

SPOTAPOD: SERIOUS LEMPOD VULNERABILITY CVSS Score: 8.8 out of 10 WHICH ALLOWS HACKERS ACCESS TO YOUR
Daniel HallHagerstown, MD, United States
28 Mar 2024

UPDATE: LinkedIn has reached out to work with me on verification of my findings. I'll keep everyone posted.


Here's the post on LinkedIn: https://www.linkedin.com/posts/danielbhall_braand-spotapod-unpod-activity-7178805213951111168-3D9a?utm_source=share&utm_medium=member_ios


Many people were confused this morning about my LEMPOD vulnerability post, so I wanted to try and break it down in human terms. Some of it may get a little techy, but hang tight.

Discovery Date: 2024-03-26

Synopsis: LEMPOD LinkedIn li_at cookie vulnerability- CVSS Score: 8.8 out of 10

Score Details are here: https://lnkd.in/gjkg-P9U

This vulnerability is reachable simply by navigating to a pod on the LEMPOD platform. Once there, an attacker can watch the WebSocket traffic, which quickly yields the users in the pod along with their private information and their LinkedIn li_at cookie, all sent down to the client as JSON. An attacker can also bypass LEMPOD's tracking security protocol, which tracks users' interaction with the site.
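To make the leak concrete, here is an added example (my illustration, not LEMPOD's code and not taken from any captured LEMPOD message). It shows the two halves of the problem: an audit routine that scans client-bound WebSocket JSON frames for fields that should never reach another member's browser, and the serializer pattern that causes the leak (dumping the whole stored user record) next to the allow-list version that fixes it. The event name, field names, the li_at value format and the SENSITIVE_KEYS list are all assumptions for the sake of the demo.

```python
"""Audit client-bound WebSocket JSON frames for leaked secrets, and show a
whitelisting serializer that prevents the leak.

Added example, not LEMPOD's code.  The message shape, field names and the
li_at value format below are constructed assumptions.
"""
import json
import re
from typing import Any, Iterator

# Keys that must never be broadcast to other pod members.  li_at is
# LinkedIn's session cookie; the rest are common secret/PII key names
# (assumed list, not taken from any real LEMPOD payload).
SENSITIVE_KEYS = {"li_at", "cookie", "cookies", "password", "token",
                  "access_token", "session", "email", "phone"}
# Long opaque string, the rough shape of a session cookie value (assumed).
OPAQUE_VALUE = re.compile(r"^[A-Za-z0-9_\-]{40,}$")


def find_sensitive(obj: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Recursively yield (json_path, reason) for every leaked-looking field."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS:
                yield here, f"sensitive key '{key}'"
            elif isinstance(value, str) and OPAQUE_VALUE.match(value):
                yield here, "opaque session-like value"
            yield from find_sensitive(value, here)
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from find_sensitive(value, f"{path}[{i}]")


def audit_frames(frames: list[str]) -> list[tuple[int, str, str]]:
    """Run find_sensitive over text frames; non-JSON frames are skipped."""
    findings = []
    for i, frame in enumerate(frames):
        try:
            data = json.loads(frame)
        except json.JSONDecodeError:
            continue
        for path, reason in find_sensitive(data):
            findings.append((i, path, reason))
    return findings


# Fix on the server side: build the member payload from an explicit allow-list
# instead of sending the stored record as-is.  PUBLIC_FIELDS is an assumption.
PUBLIC_FIELDS = ("id", "display_name", "headline")


def serialize_member_leaky(user: dict) -> dict:
    """The vulnerable pattern: the whole record, cookie included, goes out."""
    return dict(user)


def serialize_member_safe(user: dict) -> dict:
    """Allow-list: only fields meant for other members are sent."""
    return {k: user[k] for k in PUBLIC_FIELDS if k in user}


# Constructed sample data: two pod members as a leaky backend might store them.
SAMPLE_USERS = [
    {"id": 1, "display_name": "Alice", "headline": "Founder",
     "email": "alice@example.com", "li_at": "AQEDAR" + "x" * 50},
    {"id": 2, "display_name": "Bob", "headline": "Engineer",
     "email": "bob@example.com", "li_at": "AQEDAR" + "y" * 50},
]
LEAKY_FRAME = json.dumps({"event": "pod.members",
                          "members": [serialize_member_leaky(u) for u in SAMPLE_USERS]})
SAFE_FRAME = json.dumps({"event": "pod.members",
                         "members": [serialize_member_safe(u) for u in SAMPLE_USERS]})

if __name__ == "__main__":
    # Frame 0 (leaky) produces four findings; frame 1 (allow-listed) produces none.
    for idx, path, reason in audit_frames([LEAKY_FRAME, SAFE_FRAME]):
        print(f"frame {idx}: {path}: {reason}")
```

To use the audit half against a real app, paste the text frames from the browser's Network tab (WS filter) into the `frames` list; the key-name check catches the obvious leak and the opaque-value check catches a cookie hiding under an innocuous key. The fix half is the general rule: anything broadcast to a pod is a view for other users, so it gets built from an allow-list, never from the full record.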

An attacker can glean the information of every user who is a member of the pods. An attacker could scrape this data in a loop at high speed and, with multiple accounts attacking at the same time, possibly cause a denial of service on the LEMPOD platform and, after harvesting the li_at cookies, possibly on the LinkedIn platform as well.

This vulnerability is exploitable at any time from a remote network, e.g. across the Internet, as long as the attacker has user-level privileges on LEMPOD. Confidential information is accessible to the attacker on the LEMPOD platform.

This exposure is a GDPR problem, and worse: li_at is LinkedIn's session cookie, so anyone who presents it to LinkedIn is treated as that user's already-logged-in session, with no password prompt in the way. Once inside LinkedIn the attacker has full control of the account.

If and when a hacker or company downloads this data, they can start profiling anyone, which is against GDPR. It could also be used for targeted email, ads, etc., and to discredit or damage anyone's personal branding.

With over 1 billion members on LinkedIn, this data is becoming somewhat of a fabulous database for people and companies to go phish in.

BINGE MY CONTENT HERE: https://lnkd.in/efru2cpc

If you love my work and want to help, please consider buying me a coffee using this link https://lnkd.in/gWzJTxU3 - the money will surely help with my research. LinkedIn recommendations also go a long way. Feel free to DM me.

Also, if you want to help put the HUMAN back into HUMANity, please consider signing my petition at https://chng.it/xqFLbPTmTg

Be Real Authentic and Never Duplicate, and please follow my hashtags
#braand #spotapod #unpod
