Failure to verify OAuth tokens enables account takeover on websites
Researchers have found yet another OAuth implementation error on various websites that allow users to authenticate with their identities from third-party services such as Facebook or Google. Some sites fail to complete an important step in the OAuth authorization chain: validating which app the identity provider issued an access token for. […]
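
The validation step described above, as an added example that is not from the original article: a server-side check that the identity provider's token-inspection response names this site's own app before the token is trusted for login. The response field names (modelled on Facebook's debug_token and Google's tokeninfo responses), the app ID and the sample responses are assumptions constructed for illustration.

```python
import time

class TokenRejected(Exception):
    """Raised when an access token must not be used to log a user in."""

def normalize(resp):
    """Map a token-inspection response to (audience, subject, expiry, valid)."""
    if "data" in resp:  # Facebook debug_token style (assumed field names)
        d = resp["data"]
        return d.get("app_id"), d.get("user_id"), d.get("expires_at"), d.get("is_valid", False)
    # Google tokeninfo style (assumed field names); an error reply carries no "aud"
    return resp.get("aud"), resp.get("sub"), resp.get("exp"), "error" not in resp

def verify_token_audience(resp, expected_app_id, now=None):
    """Return the provider's user id only if the token was issued to our app."""
    now = time.time() if now is None else now
    audience, subject, expiry, valid = normalize(resp)
    if not valid:
        raise TokenRejected("provider reports token as invalid")
    # The step the article says some sites skip: a token issued to another
    # app is a genuine provider token, but it must not log anyone in here.
    if not audience or str(audience) != str(expected_app_id):
        raise TokenRejected("token was issued to a different app")
    # Conservative policy for this example: require an explicit, unexpired expiry.
    if expiry is None or int(expiry) <= now:
        raise TokenRejected("token is expired or has no expiry")
    if not subject:
        raise TokenRejected("token carries no user id")
    return str(subject)

# Constructed sample responses (not captured from any provider).
OUR_APP_ID = "1111111111"
NOW = 1_700_000_000
OURS = {"data": {"app_id": "1111111111", "user_id": "42", "is_valid": True, "expires_at": NOW + 3600}}
OTHER_APP = {"data": {"app_id": "9999999999", "user_id": "42", "is_valid": True, "expires_at": NOW + 3600}}
GOOGLE_STYLE = {"aud": "1111111111", "sub": "42", "exp": str(NOW + 60)}

def check(resp):
    """Run the verification and return the user id or the rejection reason."""
    try:
        return verify_token_audience(resp, OUR_APP_ID, now=NOW)
    except TokenRejected as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    for name, resp in [("ours", OURS), ("other app", OTHER_APP), ("google-style", GOOGLE_STYLE)]:
        print(name, "->", check(resp))
```

The site should create or resume a session only from the value this function returns, never from a user id read out of a response that has not passed the audience check.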