Below you will find pages that utilize the taxonomy term “Tools for Humanity”
Advisories
Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode
Recently, Tools for Humanity partnered with the German HackerOne Club to run a one-week virtual and in-person Hacking Meetup. During the meetup, a critical vulnerability was found in the Sign-in with World ID implementation. It affected the OpenID Connect form_post Response Mode and could allow malicious actors to take over end-user accounts at third-party applications that utilize the Sign-in with World ID mechanism. The vulnerability was addressed within a few hours after triage.