From 4a0efb146e7ba4bd069933ff1a65c328fecc2964 Mon Sep 17 00:00:00 2001 From: compaluca Date: Mon, 13 Jul 2020 18:41:54 +0200 Subject: [PATCH] Update README.md --- casestudies-src/overleaf/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/casestudies-src/overleaf/README.md b/casestudies-src/overleaf/README.md index 60d7b73..24508cd 100644 --- a/casestudies-src/overleaf/README.md +++ b/casestudies-src/overleaf/README.md @@ -4,7 +4,7 @@ The lack of the `state` parameter in the Overleaf implementation of OAuth 2.0 with Google introduced known vulnerabilities. In particular it was possible to mount a session-swapping attack through a CSRF on the Google Oauth2 callback page at `/users/auth/google_oauth2/callback`. A PoC attack can be found in the [poc.html](./poc.html) file. -The vulneability have been reported to Overleaf developers, that acknowledged the vulnerability and fixed the issue by adding the `state` parameter. +The vulnerability have been reported to Overleaf developers, that acknowledged the vulnerability and fixed the issue by adding the `state` parameter. ## Monitor
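
Review bot: the added line in casestudies-src/overleaf/README.md still reads "The vulnerability have been reported to Overleaf developers, that acknowledged the vulnerability", so the spelling fix leaves the subject-verb disagreement and the wrong relative pronoun in place. Suggested wording: "The vulnerability has been reported to the Overleaf developers, who acknowledged it and fixed the issue by adding the `state` parameter." The unchanged context line just above writes "Google Oauth2" next to "OAuth 2.0", and the capitalization could be made consistent in the same commit. A subject such as "Fix typo in Overleaf case study README" would also describe the change better than "Update README.md".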