The Most Common OAuth2 Vulnerability

HN discussion

TL;DR: If a website uses OAuth multi-logins there is an easy way to log into somebody's account; protection is almost never implemented and people don't take into account that OAuth is also used for authentication.

OAuth2 is an authorization framework. Apparently it's very popular now. Despite its popularity a lot of people don't understand it deeply enough to write a proper and secure implementation. OAuth 1.0a and OAuth2 are incompatible; some services use the former (Twitter, wtf, come on!), some the latter, some of them have insufficient and poor documentation (in terms of security) etc. It took me a few hours to read the OAuth2 draft thoroughly and I found a few interesting vectors. One of them I am exposing in this post. It's a really dangerous but very common vulnerability for multi-login OAuth websites.

A little bit of theory: response_type = code is the server-side auth flow, should be used when possible, more secure th...