The Open Response Type vulnerability undermines the security of OAuth, a widely used authorization protocol that lets users log in to websites with credentials from another Identity and Access Management (IAM) service such as Google, by abusing the response_type value sent in the authorization request.
When you log in to a site through a service like Google or Facebook, the website requests a special code (the authorization code) that it then uses to verify your identity. This code is usually transmitted securely, but the Open Response Type vulnerability allows an attacker to trick the website into receiving the code via the web address (URL), where the browser can see it.
The danger arises when the website also has an XSS vulnerability: JavaScript injected into the page can read the URL, including the secret code used to obtain access tokens.
The consequences of this vulnerability are severe: once an attacker obtains this code, they can use it to impersonate the user and gain unauthorized access to the account. That access can persist even after the XSS vulnerability is patched, because the attacker can create new sessions from the stolen code, bypassing standard protections such as HttpOnly session cookies.
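The mitigation on the authorization-server side is to bind each client to the response types and response modes it registered, instead of honouring whatever the request asks for. The following is an added example, not code from the original page or from any named IAM product; the client registration, client id and URLs are constructed for illustration, and the strict=False path models the "open" behaviour the text describes.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed client registration (hypothetical values, not taken from the page).
# A server-side web app that only ever expects a code delivered in the query string.
CLIENTS = {
    "example-web-app": {
        "redirect_uris": {"https://app.example/callback"},
        "response_types": {"code"},      # never "token" or "id_token token"
        "response_modes": {"query"},     # never "fragment"
    }
}


def check_authorization_request(url: str, clients=CLIENTS, strict=True):
    """Validate an OAuth authorization request URL.

    strict=True  -> hardened server: response_type and response_mode must match
                    what the client registered, so an attacker cannot switch the
                    flow to one that lands the code or token in the URL fragment.
    strict=False -> 'open response type' server: only client_id and redirect_uri
                    are checked and the caller picks any response_type/mode.
    Returns (accepted: bool, reason: str).
    """
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

    client = clients.get(params.get("client_id", ""))
    if client is None:
        return False, "unknown client_id"
    if params.get("redirect_uri") not in client["redirect_uris"]:
        return False, "redirect_uri not registered for this client"

    if not strict:
        # The open behaviour: the request decides how the credential is returned.
        return True, "accepted without checking response_type/response_mode"

    rtype = params.get("response_type", "")
    if rtype not in client["response_types"]:
        return False, f"response_type {rtype!r} not registered for this client"

    # RFC 6749 default for response_type=code is the query component.
    mode = params.get("response_mode", "query")
    if mode not in client["response_modes"]:
        return False, f"response_mode {mode!r} not allowed for this client"

    return True, "accepted"
```

A rejection from the strict path is also a useful detection signal: a legitimate client never changes its registered response type, so log and alert on these refusals.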