Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw

Salt Labs, the research arm of API security firm Salt Security, has discovered and published details of a cross-site scripting (XSS) attack that could potentially impact millions of websites around the world.
https://image.nostr.build/905334fb14d03e6e3577ad43aeb27c9ff9c68b973cfe726e135187a47d9a0749.jpg 
This is not a product vulnerability that can be patched centrally. It is an implementation issue in how web code integrates a massively popular mechanism: OAuth, as used for social logins. Most website developers believe the XSS scourge is a thing of the past, solved by a series of mitigations introduced over the years. Salt shows that this is not necessarily so.
Salt Labs, the research arm of API security firm Salt Security, discovered this XSS attack, which can bypass current mitigations and potentially lead to complete account takeover. The flaw arises when OAuth is not implemented with sufficient care and rigor, which unfortunately is often the case.