API Security Blog

OAuth Single Sign On – SSO (OAuth Client) Standard < 28.4.9 – IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged-in admins delete arbitrary IdPs via a CSRF attack.
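The missing check, sketched as a hardened WordPress admin handler. This is an added example, not the plugin's code: the `example_*` function names, the `example_idp_list` option, the `example_delete_idp` action, the `idp` parameter and the `example-sso` page slug are all hypothetical; only the WordPress core functions are real.

```php
<?php
// Added example: hypothetical handler, not taken from the plugin.
// Assumed names: option 'example_idp_list', action 'example_delete_idp',
// query parameter 'idp', admin page slug 'example-sso'.

// Build the delete link with a nonce bound to this action, this IdP and
// the current user's session.
function example_idp_delete_url( $idp_id ) {
    $url = add_query_arg(
        array(
            'page'   => 'example-sso',
            'action' => 'example_delete_idp',
            'idp'    => $idp_id,
        ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, 'example_delete_idp_' . $idp_id );
}

function example_handle_idp_delete() {
    if ( ! isset( $_GET['action'], $_GET['idp'] ) || 'example_delete_idp' !== $_GET['action'] ) {
        return; // Not a delete request.
    }
    $idp_id = sanitize_key( wp_unslash( $_GET['idp'] ) );

    // Authorization: only administrators may change the SSO configuration.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // CSRF check: stops the request unless _wpnonce is valid for this
    // action, this IdP and this user. A request forged from another site
    // cannot supply it, so the deletion below is never reached.
    check_admin_referer( 'example_delete_idp_' . $idp_id );

    $idps = get_option( 'example_idp_list', array() );
    if ( isset( $idps[ $idp_id ] ) ) {
        unset( $idps[ $idp_id ] );
        update_option( 'example_idp_list', $idps );
    }

    wp_safe_redirect( admin_url( 'admin.php?page=example-sso' ) );
    exit;
}
add_action( 'admin_init', 'example_handle_idp_delete' );
```

The capability check and the nonce check are both needed: the first limits who may delete an IdP, the second confirms the logged-in admin actually initiated the request.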
