top | item 37976843

(no title)

0xcrypto | 2 years ago

Hi, author of the blog post here. Yes I understand your concern and I tried keeping Microsoft's name out of the title but couldn't think of anything else. Since the vulnerability only affects the oauth implementation for the connection with Microsoft accounts. Previously the title was "Microsoft OAuth token leak via open redirect in Harvest App" but later I changed it to "Microsoft Account's OAuth tokens leaking via open redirect in Harvest App". I am still considering to change it and open to suggestions.

discuss

nurple|2 years ago

If only tokens minted by MS were in scope of the vulnerability because of Harvest's outlook integration, maybe something like "Harvest OAuth CSRF Leaks Tokens of Microsoft Outlook Users" or "CSRF in Harvest's Outlook Integration Leaks User Tokens".

If you want to add any editorializing around mitigation, linking to the OAuth RFC[0] that dictates a MUST for binding the users auth state with the request to prevent such attacks would be instructive to readers.

[0] https://datatracker.ietf.org/doc/html/rfc6749#section-10.12

0xcrypto|2 years ago

Oh yes, that sounds better. I am changing the title now.

Updated to "Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App"