DBformore
- Karma
- 5
- Created
- March 1, 2023 (3y ago)
- Submissions
- 0
-
TLDR: The state variable that ChatGPT uses in the integration with plugins, was not random. Attackers could install a malicious plugin on a victim by sending a link that mimic the last step of the OAuth flow. The…
-
A lot of developers are not sure about the answer. Security researchers from Salt could install malicious ChatGPT plugins, just because of a minor state mistake that ChatGPT made. If you want to understand OAuth, this…
-
According to a recent study by Salt, a Booking.com attack could have potentially affected 100 million users. The attack is related to OAuth, a commonly used mechanism on modern websites. More information (links) on the…