News

Ars Technica15y
OAuth and OAuth WRAP: defeating the password anti-pattern
OAuth WRAP and OAuth 2.0: making a better solution The OAuth Web Resource Authorization Protocol (WRAP) is a simplified variant of OAuth that aims to reduce the complexity of the protocol.
CSOonline1y
Salt Security adds defense against OAuth attacks - CSO Online
As a result, the most common exploits involve attackers taking advantage of these OAuth misconfigurations and poor implementations, especially during the OAuth flow (aka authentication process ...
CSOonline1y
Failure to verify OAuth tokens enables account takeover on websites
The OAuth process works like this: a user wants to create an account on a website and chooses Login with Facebook and provides an email address.
Ars Technica4mon
What is device code phishing, and why are Russian spies so successful at it? - Ars Technica
It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs ...
Threat Post11y
Google Recommends Developers Support OAuth 2.0 | Threatpost
All of Google’s APIs work with OAuth 2.0, which supports integration with other IETF standards such as IMAP, SMTP, POP, XMPP, CalDAV, and CardDAV. Meanwhile, an unrelated vulnerability in OAuth ...
ZDNet2y
Microsoft warning: These phishing attackers used fake OAuth apps to steal email - ZDNET
Microsoft classifies the attack as "consent phishing" because the attackers use the bogus apps and Azure AD-based OAuth consent prompts (pictured below) to trick targets to grant permissions to ...