Ticket #44568

Security problem in your site

Registered: 2022-05-12 20:01 Last updated: 2022-05-12 20:01

Reporter:
(Anonymous)
Assignee:
(Unassigned)
Ticket type:
Status:
Open
Component:
(Unassigned)
Milestone:
(Unassigned)
Priority:
5 - Medium
Severity:
5 - Medium
Resolution:
None
Files:
None

Details

Security Team, We are an academic research team from the University of Trento. During a recent large-scale Internet security assessment, we have identified your web properties as impacted by the "OAuth CSRF against redirect-URI" vulnerability. It results from the improper configuration of the OAuth 2.0 flow (in the context of the Google Login feature) and can lead to the leakage of sensitive information of end-users. For an overview of the vulnerability, please read section 10.12 of the OAuth 2.0 specification (RFC 6749) and more specifically section 4.4.1.8 of the OAuth 2.0 Threat Model and Security Considerations (RFC 6819), at https://tools.ietf.org/html/rfc6819#section-4.4.1.8.

This email serves as an early notification to you as required by our team's ethical research and responsible disclosure guidelines. We are going to make the results of our study publicly available. We are not going to publicly name the individual parties impacted, but only provide aggregate results. However, our experiments are repeatable, and other parties may discover the same vulnerabilities unless these are addressed in a timely manner.

Sincerely,

Elham Arshad

Ticket history (showing 1 of 1)

2022-05-12 20:01 Updated by: None
  • New ticket "Security problem in your site" was created

Attachment list

No attachments
