From trufflesecurity.com
Millions of Accounts Vulnerable due to Google’s OAuth Flaw ◆ Truffle Security Co.
10 29
Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable.
#sec #flaw #oidc #login #weblog #websec #infosec #security #weblogin #vulnerable
on Tue, 5PM
From elhacker.net
Millones de cuentas vulnerables por fallo en OAuth de Google
3 3
Blog sobre informática, tecnología y seguridad con manuales, tutoriales y documentación sobre herramientas y programas
#cve #noticias #seguridad #vulnerabilidad #oauth #google
9h ago
From damienbod.com
ASP.NET Core user delegated access token management
2 2
The article looks at managing user delegated access tokens for a downstream API in an ASP.NET Core web application. There are many ways of implementing this, all with advantages and disadvantages. …
#api #jwt #oidc #oauth #dotnet #aspnetcore #openidconnect
17h ago
From bleepingcomputer.com
Google OAuth flaw lets attackers gain access to abandoned accounts
2 11
A weakness in Google's OAuth "Sign in with Google" feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms.
on Tue, 5PM