Phishers exploit OAuth holes in Microsoft and Google implementations

Phishers exploit OAuth holes Microsoft Google implementations

Cybersecurity researchers have discovered previously unknown methods of launching cyberattacks with URL redirects on weak OAuth 2.0 implementations. Such attacks can bypass phishing detection and email protection, as well as give victims a false sense of security when visiting phishing pages.

The security problems were pointed out by the specialists of the Proofpoint company. According to them, attackers are attacking Outlook Web Access, PayPal, Microsoft 365 and Google Workspace by exploiting gaps in the OAuth 2.0 implementation.

By the way, we devoted an analytical article to the vulnerabilities of the OAuth 2.0 protocol, in which an expert explains whether it is dangerous to authenticate through a profile on social networks.

When developing OAuth-enabled applications, developers can choose from different types of flows, depending on their needs. Using an example implementation from Microsoft, you can see how this is interconnected:

Streams require the developer to define specific parameters, including a unique client ID and a URL to which the user will be redirected after successful authentication.

As the Proofpoint experts found out, attackers can modify individual parameters invalid authentication flows. As a result, a conditional attacker can redirect the victim to a malicious site. For example, this can be achieved by changing the “response_type” request parameter.

“This attack vector exploits a number of third-party Microsoft 365 applications with malicious URL redirects specific to each of these applications,” the researchers noted in the report.

Catch up on more stories here

Follow us on Facebook here

Leave a Reply