OSDN -- Open-Source-Software-Entwicklung und Downloads
Übersetzungsstatus von Deutsch translation status for de

Ticket #44568
Ticket-Liste Neue Ticket abschicken RSS

Security problem in your site

Eröffnet am: 2022-05-12 20:01 Letztes Update: 2022-05-12 20:01

Auswertung:
(Anonym)
Verantwortlicher:
(Keine)
Typ:
Fehler
Status:
Offen
Komponente:
(Keine)
Meilenstein:
(Keine)
Priorität:
5 - Mittel
Schweregrad:
5 - Mittel
Lösung:
Keine
Datei:
Keine
Vote
Score: 0
No votes
0.0% (0/0)
0.0% (0/0)

Details

Security Team, We are an academic research team from the University of Trento. During a recent large-scale Internet security assessment, we have identified your web properties as impacted by "OAuth CSRF against redirect-URI" vulnerability. It results from the improper configuration of the OAuth 2.0 flow (in the context of the Google Login feature) and can lead to the leakage of sensitive information of end-users. For an overview of the vulnerability, please read section 10.12 of the OAuth 2.0 specification (RFC6749) and more specifically section 4.4.1.8 of the OAuth 2.0 Threat Model and Security Considerations (RFC 6819), at https://tools.ietf.org/html/rfc6819#section-4.4.1.8.

This email serves as an early notification to you as required by our team's ethical research and responsible disclosure guidelines. We are going to make the results of our study publicly available. We are not going to publicly name the individual parties impacted, but only provide aggregate results. However, our experiments are repeatable, and other parties may discover the same vulnerabilities unless these are addressed in a timely manner.

Sincerely,

Elham Arshad

Ticket-Verlauf (1/1 Historien)

2022-05-12 20:01 Aktualisiert von: None
  • New Ticket "Security problem in your site" created

Dateianhangliste

Keine Anhänge

Bearbeiten

You are not logged in. I you are not logged in, your comment will be treated as an anonymous post. » Anmelden