Recent Posts
Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri
In this post, I will discuss an OAuth 2.0 and OpenID Connect 1.0 implementation flaw pattern that was or is present even in well-known implementations from Github, Stackoverflow and Microsoft.
XSS in Large Messenger and Payment App - a Shout Out to Parameter Guessing
This is a post about a Cross-Site-Scripting (XSS) vulnerability that was identified within the web version of a large Chinese messenger and payment platform. The vulnerability could have been missed easily, as the vulnerable parameter was manually guessed.
Real-life OIDC Security (VII): Responsible Disclosure
This is the final post of a series on Single Sign-On and OpenID Connect 1.0 security. In this post, Responsible Disclosure processes with five vendors and maintainers of popular OpenID Connect implementations are outlined. We reported vulnerabilities and security issues in Amazon Cognito, Bitbucket Server, GitLab, Keycloak, and Salesforce.