
Releases: Schine/MW-OAuth2Client

MW OAuth2 Client 0.4 (Security Fix)

19 Aug 01:04

Enforce/verify state parameter of callback. Please update as soon as possible.
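
One way to enforce the `state` check on an OAuth2 callback, as an added PHP example that is not the extension's own code. The session key and the function names `issueState` and `verifyState` are hypothetical, and plain arrays stand in for `$_SESSION` in the constructed demo at the end.

```php
<?php
declare(strict_types=1);

// Hypothetical session key; not taken from the extension.
const STATE_KEY = 'oauth2_state';

/** Create an unguessable state value and bind it to the user's session. */
function issueState(array &$session): string
{
    $state = bin2hex(random_bytes(32));
    $session[STATE_KEY] = $state;
    return $state; // sent as the state parameter of the authorization request
}

/** Check the state returned on the callback; each value is accepted once. */
function verifyState(array &$session, ?string $returned): bool
{
    $expected = $session[STATE_KEY] ?? null;
    unset($session[STATE_KEY]); // single use, even when the check fails

    if (!is_string($expected) || $returned === null || $returned === '') {
        // No login was started from this session, or the callback has no state.
        return false;
    }
    return hash_equals($expected, $returned); // constant-time comparison
}

// Constructed demo: arrays stand in for two separate user sessions.
$sessionA = [];
$sessionB = [];
$stateA = issueState($sessionA);
issueState($sessionB);

$cases = [
    'callback in the session that started the login' => verifyState($sessionA, $stateA),
    'same state presented a second time'             => verifyState($sessionA, $stateA),
    'state issued to a different session'            => verifyState($sessionB, $stateA),
    'callback without a state parameter'             => verifyState($sessionB, null),
];
foreach ($cases as $label => $accepted) {
    echo $label, ': ', $accepted ? 'accepted' : 'rejected', PHP_EOL;
}
```

The callback handler should stop before exchanging the authorization code whenever `verifyState` returns false.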

"The extension fails to check/validate the state parameter on the callback. This opens up the extension to an authentication bypass using a clickjacking technique. In effect a CSRF vulnerability (https://cwe.mitre.org/data/definitions/352.html) is present." - @f3ndot