Security problem in your site
We are an academic research team from the University of Trento.
During a recent large-scale Internet security assessment, we have identified your web properties as impacted by the "OAuth CSRF against redirect-URI" vulnerability. It results from the improper configuration of the OAuth 2.0 flow (in the context of the Google Login feature) and can lead to the leakage of sensitive information of end-users.
For an overview of the vulnerability, please read section 10.12 of the OAuth 2.0 specification (RFC 6749) and more specifically section 4.4.1.8 of the OAuth 2.0 Threat Model and Security Considerations (RFC 6819), at https://tools.ietf.org/html/rfc6819#section-4.4.1.8.
This email serves as an early notification to you as required by our team's ethical research and responsible disclosure guidelines. We are going to make the results of our study publicly available. We are not going to publicly name the individual parties impacted, but only provide aggregate results. However, our experiments are repeatable, and other parties may discover the same vulnerabilities unless these are addressed in a timely manner.
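
The countermeasure RFC 6749 section 10.12 describes is a `state` value bound to the user's session. The sketch below is an added example, not part of the notification or the researchers' tooling; the client ID, redirect URI and the dict-based session are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Google's documented authorization endpoint; client values below are constructed.
AUTHZ_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
REDIRECT_URI = "https://app.example/oauth/callback"


def begin_login(session: dict) -> str:
    """Start the flow: mint an unguessable state and bind it to this session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",
        "state": state,
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if state matches this session's value."""
    query = parse_qs(urlparse(callback_url).query)
    # pop() makes the state single-use, so a replayed callback is rejected.
    expected = session.pop("oauth_state", None)
    received = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state missing or mismatched; rejecting callback")
    codes = query.get("code")
    if not codes:
        raise ValueError("callback carries no authorization code")
    return codes[0]
```

A callback that arrives without the session's own `state` is dropped before the code is ever exchanged for tokens.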