Grammarly authentication vulnerability
- February 7, 2018
- Ryan Miller
Grammarly is a service that corrects misspellings, sentence structure, and punctuation, and checks for plagiarism. The service also has plugins for the Chrome and Firefox browsers, so you don’t have to copy and paste text in and out of Grammarly’s web user interface.
Taviso, a renowned security researcher for Google Project Zero, discovered the vulnerability on February 2nd and immediately reported it to Grammarly. The vulnerability applied only to the Grammarly Chrome extension, which has approximately 22,000,000 active users.
In his vulnerability report, Taviso describes how the vulnerability works: “The Grammarly Chrome extension (approx ~22M users) exposes its auth tokens to all websites. Therefore any website can log in to grammarly.com as you and access all your documents, history, logs, and all other data. I’m calling this a high severity bug because it seems like a pretty severe violation of user expectations.”
The explanation above shows how severe this vulnerability is: if you visit a website controlled by a nefarious actor, your Grammarly account can be accessed to view your documents and payment information.
Per Google’s standard, Grammarly had 90 days to fix the vulnerability before it was released to the public, but 90 days wasn’t necessary. Taviso notes in a comment that Grammarly fixed the vulnerability and deployed the patch in three hours, and states that it’s a “really impressive response time.” Coming from Taviso, that is saying a lot, because he is notoriously cranky when it comes to working with the developers of products where he finds vulnerabilities.