Open korniko98 opened 1 year ago
Summary (give a brief description of the issue)
The researcher discovered a way for an attacker to leak tokens from other users who are authorized to access an IAP-secured web application. This allows an attacker to hijack sessions and hence access IAP-secured web applications.
References (provide links to blogposts, etc.)
https://www.seblu.de/2021/12/iap-bypass.html