oauth security validations
False redirect URI (open redirect)
  Rejected by IPS on initial request
  Rejected by IPS when manipulated at step 2
  Rejected by IPS when manipulated at step 3
  Rejected by IPS when processing final request before redirecting
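The checks above probe whether a manipulated redirect_uri survives any step of the flow. The server-side rule that makes all four rejections hold is exact matching against the client's registered URIs, not prefix or substring matching. The following is an added example of that check, not code from the tested system; the client id "maven-web", the registered URIs and the sample inputs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example: one hypothetical client with two
# pre-registered callback URIs. A real server loads this from its client
# registration store.
REGISTERED_REDIRECT_URIS = {
    "maven-web": {
        "https://app.example/oauth/callback",
        "https://app.example/oauth/callback-dev",
    },
}


def canonical_redirect(uri):
    """Reduce a redirect_uri to (scheme, host, port, path) for exact comparison.

    Returns None for anything a registered callback must never carry:
    a non-https scheme, userinfo (https://trusted@evil.example/), a query
    string or fragment, a missing host, or an unparsable port. Dot segments
    are deliberately NOT resolved, so /callback/../admin compares unequal
    to /callback instead of being normalised into a match.
    """
    parts = urlsplit(uri)
    if parts.scheme.lower() != "https":
        return None
    if parts.username is not None or parts.password is not None:
        return None
    if parts.query or parts.fragment:
        return None
    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        return None
    try:
        port = parts.port or 443
    except ValueError:  # e.g. https://app.example:abc/
        return None
    return (parts.scheme.lower(), host, port, parts.path)


def is_registered_redirect(client_id, redirect_uri):
    """True only if redirect_uri exactly matches a URI registered for client_id.

    Any looser rule (prefix, suffix, same-domain) turns the authorization
    endpoint into an open redirect that also leaks the code or token.
    """
    target = canonical_redirect(redirect_uri)
    if target is None:
        return False
    return any(
        canonical_redirect(registered) == target
        for registered in REGISTERED_REDIRECT_URIS.get(client_id, ())
    )


if __name__ == "__main__":
    # Constructed probe set: the first two should pass, the rest be rejected.
    for uri in (
        "https://app.example/oauth/callback",
        "HTTPS://app.example:443/oauth/callback",
        "https://app.example/oauth/callback/../admin",
        "https://app.example.attacker.example/oauth/callback",
        "https://app.example@attacker.example/oauth/callback",
        "https://app.example/oauth/callback?next=https://attacker.example/",
        "https://app.example/oauth/callbackx",
    ):
        print(is_registered_redirect("maven-web", uri), uri)
```

The probe list mirrors the manipulations a tester tries at each step: path traversal, a lookalike subdomain, a userinfo trick, an injected query parameter and a prefix match. Running the same list against a target at the initial request, at the intermediate steps and at the final redirect is what the four findings above record.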
False user-agent for identity provider access
  A user-agent header is required to access the login page
  Other request parameters are also required to successfully process the login
state should be tied to the authenticating user and the redirect URI
  This appears to be true
HTTP referrer leakage of tokens
  Not seeing a referrer in any of the workflow steps
log file leakage
  OAuth response codes are being logged
forged or falsified token
  Need to validate that tokens generated without authenticating do not work
  Confirmed as true: Maven's system rejects my randomly generated tokens from the IDS
token reuse
  The system appears to check whether a token is being reused: replayed tokens are continually sent back to auth. However, the token appears to be used as a session identifier in the URL in some requests.
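The token reuse check above expects a code or token to be redeemable exactly once. The following is an added example of how a server enforces that, not code from the tested system: the authorization code is bound to the client, redirect URI and user, expires quickly, and a second redemption not only fails but revokes the token the first redemption produced (the behaviour RFC 6749 section 4.1.2 asks for). The in-memory dictionaries, the client id "maven-web" and the sample URIs are constructed for the example.

```python
import secrets

# In-memory stores, constructed for the example. A real server uses its
# database or a shared cache; the logic is the same.
_codes = {}           # code -> who it was issued to and whether it was used
_tokens_by_code = {}  # code -> tokens minted from it (for revoke-on-replay)
_active_tokens = set()
CODE_TTL_SECONDS = 60


def issue_code(client_id, redirect_uri, user, now):
    """Mint an authorization code bound to the client, redirect_uri and user.

    256 bits from secrets so the code cannot be guessed; `now` is an epoch
    second passed in by the caller so the example is deterministic.
    """
    code = secrets.token_urlsafe(32)
    _codes[code] = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "user": user,
        "expires": now + CODE_TTL_SECONDS,
        "used": False,
    }
    return code


def redeem_code(code, client_id, redirect_uri, now):
    """Exchange a code for an access token, once.

    Returns the new token, or None. Redeeming a code a second time is
    treated as an attack: the request is refused and every token the first
    redemption produced is revoked, so a stolen-and-replayed code cannot
    leave the attacker holding a live session.
    """
    rec = _codes.get(code)
    if rec is None:
        return None
    if rec["used"]:
        for token in _tokens_by_code.pop(code, ()):
            _active_tokens.discard(token)
        return None
    if now > rec["expires"]:
        return None
    # The code is only good for the client and redirect_uri it was issued to.
    if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
        return None
    rec["used"] = True
    token = secrets.token_urlsafe(32)
    _active_tokens.add(token)
    _tokens_by_code.setdefault(code, set()).add(token)
    return token


def token_is_active(token):
    """Resource servers check this (or an equivalent introspection call)
    on every request rather than trusting the token's mere presence."""
    return token in _active_tokens
```

Whatever survives this exchange should travel in the Authorization header, not the query string: a token in the URL is what makes the session-identifier-in-URL observation above dangerous, because URLs end up in server logs, proxies and referrer headers.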
lack of authorization upon token receipt
  Appears to be happening
CSRF via invalid state validation
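The CSRF check here and the earlier check that state is tied to the authenticating user and the redirect URI are two views of the same control. The following is an added example of a state value that satisfies both, not code from the tested system: the value carries a random nonce and an HMAC over the browser session, the redirect URI and an expiry, and the callback accepts it once only. The key is generated at start-up so the example runs stand-alone; the session ids and URIs in the usage are constructed.

```python
import base64
import hashlib
import hmac
import os
import time

# Server-side HMAC key. Generated here so the example runs stand-alone;
# a real server loads a persistent key from its secret store.
STATE_KEY = os.urandom(32)
STATE_TTL_SECONDS = 600

# States already redeemed. A process-local set keeps the example
# self-contained; a real deployment uses a shared cache with a TTL.
_consumed_states = set()


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _state_tag(session_id, redirect_uri, nonce, expires):
    # Fields are joined with a separator none of them can contain, so the
    # MAC covers the tuple and not merely the concatenation.
    msg = "\x00".join((session_id, redirect_uri, nonce, str(expires))).encode()
    return _b64(hmac.new(STATE_KEY, msg, hashlib.sha256).digest())


def issue_state(session_id, redirect_uri, now=None):
    """Mint a state bound to the browser session that started the flow and
    to the redirect_uri that will carry the authorization response."""
    now = int(time.time()) if now is None else int(now)
    nonce = _b64(os.urandom(16))
    expires = now + STATE_TTL_SECONDS
    tag = _state_tag(session_id, redirect_uri, nonce, expires)
    return f"{nonce}.{expires}.{tag}"


def verify_state(state, session_id, redirect_uri, now=None):
    """Accept a state at most once, only from the session it was issued to,
    only at the redirect_uri it was issued for, and only before it expires.

    session_id must come from the callback's own session cookie, never from
    a request parameter; redirect_uri is the URI the callback arrived at.
    A state minted in the attacker's session and planted in the victim's
    browser fails the MAC, which is the CSRF case.
    """
    now = int(time.time()) if now is None else int(now)
    try:
        nonce, expires_text, tag = state.split(".")
        expires = int(expires_text)
    except ValueError:
        return False
    if now > expires:
        return False
    expected = _state_tag(session_id, redirect_uri, nonce, expires)
    if not hmac.compare_digest(tag, expected):
        return False
    if state in _consumed_states:
        return False  # replay of an otherwise valid state
    _consumed_states.add(state)
    return True


if __name__ == "__main__":
    victim = issue_state("sess-victim", "https://app.example/oauth/callback")
    print(verify_state(victim, "sess-victim", "https://app.example/oauth/callback"))
    # Same state replayed, and a state from another session, both fail.
    print(verify_state(victim, "sess-victim", "https://app.example/oauth/callback"))
    planted = issue_state("sess-attacker", "https://app.example/oauth/callback")
    print(verify_state(planted, "sess-victim", "https://app.example/oauth/callback"))
```

The test for the tester's side is the mirror image: take a state from your own session, complete the flow in a second browser profile that holds a different session cookie, and confirm the callback refuses it; then replay a state that has already succeeded and confirm that is refused too.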
login brute force, missing captcha
  Definitely possible
auth isn't actually happening at IPS
  Confirmed that auth happens at IPS
Is weak crypto being used?
  Tested the codes with Sequencer; sufficient entropy
Can private/public keys be exported via login application?