Re: [security-dev] How we hacked Facebook with OAuth2 and Chrome bugs

Wednesday, 20 February 2013

This seems like a problem with Facebook's implementation. If the OAuth 2 
Provider is exclusively access code access and requires confidential 
clients I don't see how any of the hacks can work. This is why in our 
OAuth 2 implementation (Resteasy), we don't allow any of the public and 
insecure options for OAuth2 and everything is confidential.

On 2/20/2013 6:36 AM, Bruno Oliveira wrote:
...
 A quite interesting article about OAuth2:

 http://homakov.blogspot.com.br/2013/02/hacking-facebook-with-oauth2-and-c...

 --
 "The measure of a man is what he does with power" - Plato
 -
 @abstractj
 -
 Volenti Nihil Difficile

 _______________________________________________
 security-dev mailing list
 security-dev(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/security-dev

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [security-dev] How we hacked Facebook with OAuth2 and Chrome bugs