Google OAuth Vulnerability

7 months 3 weeks ago #69244 by dwreski
Hello, we are on the latest version of JFB.

A security researcher approached us with a vulnerability relating to our use of Google OAuth.

If an attacker convinces someone to visit their website, the attacker can then trick the victim into using the victim's Google credentials to gain access to the victim's Google account using the security token they captured from our site.

Looking for your input on this serious issue.
The topic has been locked.
7 months 3 weeks ago #69245 by dwreski
Replied by dwreski on topic Google OAuth Vulnerability
This is a pretty serious issue; can we get a response?
Support Specialist
7 months 3 weeks ago #69246 by alzander
Replied by alzander on topic Google OAuth Vulnerability
Is there any more information you can provide on this as to the vector, how it affects only your site (or those with JFBConnect), etc?

Google OAuth uses the OAuth2 flow, which is used by virtually all third-party login mechanisms. We didn't create OAuth2, we simply implement it, and there are many, many safeguards in place to not allow what it sounds like you're describing.

We're unaware of any such vulnerability, but will gladly investigate. Please feel free to use the Contact Us link at the top to send any private information.

Thanks,
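What the OAuth2 client-side safeguards mentioned in the reply above look like in practice, as an added illustration that is not JFBConnect's code or anything from the original thread: the login start mints an unguessable `state` bound to the browser session, the callback refuses any authorization code whose `state` does not match that session, and the ID token returned by the code exchange is accepted only if it was issued to this client. The client ID, redirect URI and the `session` dict are constructed stand-ins, and signature verification of the ID token is assumed to be done by the OIDC library before `validate_token_audience` is called.

```python
import hmac
import secrets
from urllib.parse import urlencode, parse_qs

# Constructed placeholder values; a real site uses its own Google app registration.
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
REDIRECT_URI = "https://example.invalid/oauth/google/callback"
AUTHORIZE_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def build_authorize_url(session: dict) -> str:
    """Start the authorization-code flow: mint a random state, bind it to the
    browser session, and send the user to Google carrying that state."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must exactly match a URI registered with Google
        "response_type": "code",
        "scope": "openid email",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def validate_callback(session: dict, query_string: str) -> str:
    """Accept a callback only if its state matches the one stored in this session.
    A code delivered to a session that never started the flow, or that started a
    different one, is rejected, so a code or token obtained elsewhere cannot be
    used to complete a login here. Returns the authorization code."""
    expected = session.pop("oauth_state", None)  # single use: consume it
    if expected is None:
        raise PermissionError("no login in progress for this session")
    q = parse_qs(query_string)
    got = q.get("state", [""])[0]
    if not hmac.compare_digest(got.encode(), expected.encode()):
        raise PermissionError("state mismatch")
    if "error" in q:
        raise PermissionError("provider error: " + q["error"][0])
    code = q.get("code", [""])[0]
    if not code:
        raise PermissionError("missing authorization code")
    return code


def validate_token_audience(id_token_claims: dict) -> bool:
    """After the server-side code exchange (signature already verified by the
    OIDC library), refuse a token issued by another issuer or to another client."""
    return (id_token_claims.get("iss") in ("https://accounts.google.com", "accounts.google.com")
            and id_token_claims.get("aud") == CLIENT_ID)
```

The state check only helps if the state is never accepted from a session other than the one that created it, which is why the code pops it from the session rather than comparing against a global value.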
7 months 3 weeks ago #69247 by dwreski
Replied by dwreski on topic Google OAuth Vulnerability
How can I email you the details directly?
Support Specialist
7 months 2 weeks ago #69248 by alzander
Replied by alzander on topic Google OAuth Vulnerability
support at sourcecoast.com

Thanks!