The Accidental Discovery of a New Vulnerability in Google's OAuth Implementation

Поделиться
HTML-код
  • Опубликовано: 5 мар 2024
  • Beware, dear friends, the cautionary tale of the cloud provider that broke its own security model. Ignoring RFCs! Putting plaintext passwords in scripts - and printing them in books! It's a crazy story, but one that may nonetheless resonate with enterprise security practitioners everywhere.
    In early 2021, I identified a client impersonation vulnerability in a series of Google "first-party" applications. This vulnerability allows an attacker to present themselves both to a user and to Google as one of these applications, and enjoy all the privileges therein....
    By: Brian Smith-Sweeney
    Full Abstract and Presentation Materials: www.blackhat.com/us-23/briefi...

Комментарии •

Следующие
Автовоспроизведение
A Decade After Stuxnet: How Siemens S7 is Still an Attacker's Heaven38:32A Decade After Stuxnet: How Siemens S7 is Still an Attacker's Heaven
A Decade After Stuxnet: How Siemens S7 is Still an Attacker's HeavenBlack Hat
Просмотров 4,9 тыс.
Introduction to OAuth 2.0 and OpenID Connect By Philippe De Ryck2:43:46Introduction to OAuth 2.0 and OpenID Connect By Philippe De Ryck
Introduction to OAuth 2.0 and OpenID Connect By Philippe De RyckDevoxx
Просмотров 14 тыс.
Keynote: My Lessons from the Uber Case1:05:00Keynote: My Lessons from the Uber Case
Keynote: My Lessons from the Uber CaseBlack Hat
Просмотров 2,8 тыс.
Cleetus.. ProLine Racing.. Mullets Engine.. Here's The Deal?38:53Cleetus.. ProLine Racing.. Mullets Engine.. Here's The Deal?
Cleetus.. ProLine Racing.. Mullets Engine.. Here's The Deal?Steve Morris Engines
Просмотров 692 тыс.
15 Amazing Secrets in the Shadow of the Erdtree DLC12:5515 Amazing Secrets in the Shadow of the Erdtree DLC
15 Amazing Secrets in the Shadow of the Erdtree DLCVaatiVidya
Просмотров 488 тыс.
aespa 'Hot Mess' MV03:27aespa 'Hot Mess' MV
aespa 'Hot Mess' MVSMTOWN
Просмотров 4,6 млн
Full Face UNDER $100 From SEPHORA Makeup Challenge!22:04Full Face UNDER $100 From SEPHORA Makeup Challenge!
Full Face UNDER $100 From SEPHORA Makeup Challenge!James Charles
Просмотров 438 тыс.
🔴 Let’s build ChatGPT Messenger 2.0 with REACT! (Next.js 13, Firebase, Tailwind CSS, TypeScript)3:39:50🔴 Let’s build ChatGPT Messenger 2.0 with REACT! (Next.js 13, Firebase, Tailwind CSS, TypeScript)
🔴 Let’s build ChatGPT Messenger 2.0 with REACT! (Next.js 13, Firebase, Tailwind CSS, TypeScript)Sonny Sangha
Просмотров 1,1 млн
Threat Modelling with Reliable Data - OWASP Switzerland - Tony UV - VerSprite1:18:54Threat Modelling with Reliable Data - OWASP Switzerland - Tony UV - VerSprite
Threat Modelling with Reliable Data - OWASP Switzerland - Tony UV - VerSpriteVerSprite
Просмотров 67
Where People Go When They Want to Hack You34:40Where People Go When They Want to Hack You
Where People Go When They Want to Hack YouCyberNews
Просмотров 1,2 млн
37C3 - How Many Planets in Our Solar System? Glad You Asked!1:01:4637C3 - How Many Planets in Our Solar System? Glad You Asked!
37C3 - How Many Planets in Our Solar System? Glad You Asked!media.ccc.de
Просмотров 6 тыс.
So You Think You Know Git - FOSDEM 202447:00So You Think You Know Git - FOSDEM 2024
So You Think You Know Git - FOSDEM 2024GitButler
Просмотров 1 млн
Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker33:36Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker
Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood HackerHackersOnBoard
Просмотров 1 млн
HOW IT'S MADE #003 | Steps of creating incredible visualization in 3Ds Max3:59:39HOW IT'S MADE #003 | Steps of creating incredible visualization in 3Ds Max
HOW IT'S MADE #003 | Steps of creating incredible visualization in 3Ds Maxrender.camp
Просмотров 382 тыс.
You Can Run, but You Can't Hide - Finding the Footprints of Hidden Shellcode31:44You Can Run, but You Can't Hide - Finding the Footprints of Hidden Shellcode
You Can Run, but You Can't Hide - Finding the Footprints of Hidden ShellcodeBlack Hat
Просмотров 6 тыс.
Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets53:16Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi ChipsetsBlack Hat
Просмотров 147 тыс.
Кто Последний Уснёт - Получит 250.000 (Сатир, Хазяева, Кокошка, Дилблин) Часть 21:19:34Кто Последний Уснёт - Получит 250.000 (Сатир, Хазяева, Кокошка, Дилблин) Часть 2
Кто Последний Уснёт - Получит 250.000 (Сатир, Хазяева, Кокошка, Дилблин) Часть 2ExileShow
Просмотров 2,6 млн
⚡️Uylanishim kerak, sovchilikka borasizmi?...😅00:50⚡️Uylanishim kerak, sovchilikka borasizmi?...😅
⚡️Uylanishim kerak, sovchilikka borasizmi?...😅RENESSANS TV - RTV
Просмотров 295 тыс.
Еду за гитарой…01:00Еду за гитарой…
Еду за гитарой…Александр Пушной
Просмотров 149 тыс.
He styled ME in HIS clothes 💗🥺 What do you think? Subscribe for #fashion ✨00:18He styled ME in HIS clothes 💗🥺 What do you think? Subscribe for #fashion ✨
He styled ME in HIS clothes 💗🥺 What do you think? Subscribe for #fashion ✨BO BROWN
Просмотров 3,2 млн
Если нарежешь огурец больше чем я то получишь арбуз (2024)00:51Если нарежешь огурец больше чем я то получишь арбуз (2024)
Если нарежешь огурец больше чем я то получишь арбуз (2024)Екатерина Ковалева
Просмотров 154 тыс.
Чичваркин. Кто хозяин Арестовича, кто пейджер Зеленского и Путина, Си толкает Путина на переговоры43:54Чичваркин. Кто хозяин Арестовича, кто пейджер Зеленского и Путина, Си толкает Путина на переговоры
Чичваркин. Кто хозяин Арестовича, кто пейджер Зеленского и Путина, Си толкает Путина на переговорыДмитрий Гордон
Просмотров 825 тыс.
🍮🐶🤎 #StrayKids #스트레이키즈 #리노 #LeeKnow #승민 #Seungmin #YouMakeStrayKidsStay00:16🍮🐶🤎 #StrayKids #스트레이키즈 #리노 #LeeKnow #승민 #Seungmin #YouMakeStrayKidsStay
🍮🐶🤎 #StrayKids #스트레이키즈 #리노 #LeeKnow #승민 #Seungmin #YouMakeStrayKidsStayStray Kids
Просмотров 795 тыс.
Июль в Tanks Blitz51:46Июль в Tanks Blitz
Июль в Tanks BlitzTanks Blitz. Официальный канал
Просмотров 94 тыс.