You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -4,7 +4,7 @@ The lack of the `state` parameter in the Overleaf implementation of
OAuth 2.0 with Google introduced known vulnerabilities.
In particular it was possible to mount a session-swapping attack through a CSRF on the Google Oauth2 callback page at `/users/auth/google_oauth2/callback`. A PoC attack can be found in the [poc.html](./poc.html) file.
The vulneability have been reported to Overleaf developers, that acknowledged the vulnerability and fixed the issue by adding the `state` parameter.
The vulnerability have been reported to Overleaf developers, that acknowledged the vulnerability and fixed the issue by adding the `state` parameter.
