thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License

Does anyone know if this library is vulnerable to this hack? #1381

LTSCommerce closed 8 months ago

LTSCommerce commented 8 months ago

See article

https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts

Sephster commented 8 months ago

I don't believe so, as we don't use the flow being described.