Hacker News | aviCC's comments

Wow if that's true and affects more websites, then it's super cool and huge


Technical details: "The plugin does not authenticate the request, which means that the attacker can insert another memberId (aka the victim) and get a code that represents the victim. With that code, he can use ChatGPT and access the GitHub of the victim."


And a link, if you want to read the official blog post: https://salt.security/blog/security-flaws-within-chatgpt-ext...


Invest money in companies that want to improve our lives


https://platform.intervee.io/

Provides practical challenges with guidance for graduates in various subjects including Linux, Network, Security, and more.

Computer Science can sometimes be theoretical, and learning from practical examples is a must.


Actually, the CVE-2023-283131 vulnerability was published with the full details just two days ago. In April Expo published a short post but without too much technical information. You can find more details about CVE-2023-283131 in the link I shared here:

https://salt.security/blog/a-new-oauth-vulnerability-that-ma....

Thank you for bringing up the distinction, and I agree that OpenID can help address some of the issues, but not all of them...


Could SAML solve them in your eyes?


TLDR: A direct link to the interesting technical information: https://salt.security/blog/a-new-oauth-vulnerability-that-ma...




This is the link to the research; you provided a link to Reddit: https://salt.security/blog/traveling-with-oauth-account-take...


Makes sense. They are very useful as a monitor stand.

