Releases: Schine/MW-OAuth2Client
MW OAuth2 Client 0.4 (Security Fix)
Enforce/verify state parameter of callback. Please update as soon as possible.
"The extension fails to check/validate the state parameter on the callback. This opens up the extension to an authentication bypass using a clickjacking technique. In effect a CSRF vulnerability (https://cwe.mitre.org/data/definitions/352.html) is present." - @f3ndot
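The kind of check this release describes, as an added example that is not the extension's own code: a per-session `state` value is issued before the redirect and verified, once, on the callback. The function names, the array standing in for the session store, and the `idp.example` / `wiki.example` URLs are assumptions made for illustration.

```php
<?php
// Added example, not code from MW-OAuth2Client. All names are hypothetical.

// Create a fresh, unguessable state value and bind it to the user's session
// before redirecting the browser to the authorization endpoint.
function beginAuthorization(array &$session, string $authorizeUrl, string $clientId, string $redirectUri): string {
    $state = bin2hex(random_bytes(32));
    $session['oauth2_state'] = $state;
    return $authorizeUrl . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'state'         => $state,
    ]);
}

// On the callback, accept the authorization code only if the returned state
// matches the value stored for this session. The stored value is single use.
function verifyCallback(array &$session, array $query): bool {
    $expected = $session['oauth2_state'] ?? null;
    unset($session['oauth2_state']);           // consume before comparing
    $received = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($received) || $received === '') {
        return false;                          // no stored or no returned state: reject
    }
    return hash_equals($expected, $received);  // constant-time comparison
}

// Constructed demonstration: plain arrays stand in for $_SESSION and $_GET.
$session = [];
$url = beginAuthorization($session, 'https://idp.example/authorize', 'demo-client', 'https://wiki.example/callback');
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

$cases = [
    'matching state' => ['code' => 'abc', 'state' => $sent['state']],
    'replayed state' => ['code' => 'abc', 'state' => $sent['state']],
    'missing state'  => ['code' => 'abc'],
];
foreach ($cases as $label => $query) {
    printf("%-15s %s\n", $label, verifyCallback($session, $query) ? 'accepted' : 'rejected');
}
```

A callback that fails this check should end the login attempt without exchanging the code for a token.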