#oauth-20

Information security
from InfoQ
18 hours ago

The DPoP Storage Paradox: Why Browser-Based Proof-of-Possession Remains an Unsolved Problem

DPoP binds tokens to client keys but lacks guidance on browser key storage, creating security vulnerabilities that must be addressed by practitioners.
Information security
from Computerworld
2 months ago

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Attackers trick employees into registering a hacker-controlled device via OAuth device authorization, granting persistent access to Microsoft accounts and bypassing MFA.
Node JS
from Hackernoon
9 months ago

How to Capture OAuth Callbacks in CLI and Desktop Apps with Localhost Servers | HackerNoon

Use a temporary localhost HTTP server to capture OAuth authorization codes for CLI and desktop apps, enabling native OAuth flows without a public-facing callback URL.
Growth hacking
from Techzine Global
1 year ago

Hackers exploit OAuth 2.0 workflows to hijack accounts

Russian hackers exploit OAuth 2.0 to gain unauthorized access to Microsoft 365 accounts of organizations connected to Ukraine.