DBformore

↗ HN profile [ 38.5 ms ] full profile
Karma
5
Created
March 1, 2023 (3y ago)
Submissions
0
  1. TLDR: The state variable that ChatGPT uses in the integration with plugins, was not random. Attackers could install a malicious plugin on a victim by sending a link that mimic the last step of the OAuth flow. The…

  2. A lot of developers are not sure about the answer. Security researchers from Salt could install malicious ChatGPT plugins, just because of a minor state mistake that ChatGPT made. If you want to understand OAuth, this…

  3. According to a recent study by Salt, a Booking.com attack could have potentially affected 100 million users. The attack is related to OAuth, a commonly used mechanism on modern websites. More information (links) on the…