What is real importance of the OAuth *state* parameter is?

1 points by DBformore 2 years ago | 2 comments

A lot of developers are not sure about the answer.

Security researchers from Salt could install malicious ChatGPT plugins, just because of a minor state mistake that ChatGPT made.

If you want to understand OAuth, this post is for you: https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

MorL 2 years ago |

Could you elaborate? What do you mean by "could install malicious ChatGPT plugins" ?

DBformore 2 years ago | |

ChatGPT plugins (think mini-apps for ChatGPT) expand functionality to ChatGPT but introduce new attack vectors. Those security researchers could install a malicious ChatGPT, that they wrote, on another victim account.