Ticket #44568

Security problem in your site

Open Date: 2022-05-12 20:01 Last Update: 2022-05-12 20:01

Reporter:
(Anonymous)
Owner:
(None)
Type:
Status:
Open
Component:
(None)
MileStone:
(None)
Priority:
5 - Medium
Severity:
5 - Medium
Resolution:
None
File:
None

Details

Security Team, We are an academic research team from the University of Trento. During a recent large-scale Internet security assessment, we have identified your web properties as impacted by the "OAuth CSRF against redirect-URI" vulnerability. It results from the improper configuration of the OAuth 2.0 flow (in the context of the Google Login feature) and can lead to the leakage of sensitive information of end-users. For an overview of the vulnerability, please read section 10.12 of the OAuth 2.0 specification (RFC 6749) and more specifically section 4.4.1.8 of the OAuth 2.0 Threat Model and Security Considerations (RFC 6819), at https://tools.ietf.org/html/rfc6819#section-4.4.1.8.

This email serves as an early notification to you as required by our team's ethical research and responsible disclosure guidelines. We are going to make the results of our study publicly available. We are not going to publicly name the individual parties impacted, but only provide aggregate results. However, our experiments are repeatable, and other parties may discover the same vulnerabilities unless these are addressed in a timely manner.

Sincerely,

Elham Arshad
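The countermeasure RFC 6819 section 4.4.1.8 describes for this class, a random state value bound to the user's session and verified when the provider redirects back, shown as an added example that is not part of the ticket or the reported site's code. The endpoint, client id, redirect URI and the callback URLs are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed placeholders, not values from the ticket.
AUTHORIZE_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "EXAMPLE-CLIENT-ID"
REDIRECT_URI = "https://client.example/oauth/callback"


def begin_login(session: dict) -> str:
    """Start the authorization-code flow: mint a random, single-use state,
    bind it to this user's session and send it to the provider."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid email",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback_unchecked(session: dict, callback_url: str) -> str:
    """Vulnerable pattern, for contrast: any code delivered to the redirect URI
    is accepted, so a code obtained elsewhere can be bound to this session."""
    query = parse_qs(urlsplit(callback_url).query)
    return query["code"][0]


def handle_callback(session: dict, callback_url: str) -> str:
    """Hardened callback: the echoed state must equal the session's stored value
    (constant-time compare) and is consumed so it cannot be reused."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # always consumed: single use
    received = query.get("state", [None])[0]
    if expected is None or received is None:
        raise PermissionError("missing state: request did not start in this session")
    if not hmac.compare_digest(expected, received):
        raise PermissionError("state mismatch: possible login CSRF, code rejected")
    return query["code"][0]
```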

Ticket History (1/1 Histories)

2022-05-12 20:01 Updated by: None
  • New Ticket "Security problem in your site" created

Attachment File List

No attachments

