Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
Open link in next tab
Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
https://medium.com/@jacopotediosi/worldwide-server-side-cache-poisoning-on-all-akamai-edge-nodes-50k-bounty-earned-f97d80f3922b
Introduction And Context
So one could have replace a JS file with one fetched from attacker controlled server for any site behind Akamai like LastPass or PayPal. That JS could have exfiltrated all the secrets from these sites on the client side (post decryption) or replace account numbers with their own on behalf of the user.