@plr0man plr0man commented Nov 5, 2020

Issue: Resolves #299

CVSS v3 Mapping: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE Mapping: inherited from the parent CWE-303

Remediation Advice Mapping:

"In case of OAuth based account registration, ensure that if there is a preexisting account for the same email address and is to be merged, that it will no longer be accessible with its old password"

Checklist:

  • I have added entries to CHANGELOG.md and marked it Added/Changed/Removed
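
The merge behaviour the remediation advice asks for, as an added example that is not code from this pull request or its project. `AccountStore`, `oauth_register` and the `harden` flag are hypothetical names, the account data is constructed, and clearing existing sessions is an added assumption beyond the advice text.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    email: str
    salt: bytes = b""
    pw_hash: Optional[bytes] = None       # None means password login is disabled
    oauth_subject: Optional[str] = None   # identity provider's user id
    sessions: set = field(default_factory=set)

class AccountStore:
    def __init__(self):
        self.by_email = {}

    def register_password(self, email, password):
        salt = os.urandom(16)
        self.by_email[email.lower()] = Account(email.lower(), salt, _hash(password, salt))

    def password_login(self, email, password):
        acct = self.by_email.get(email.lower())
        if acct is None or acct.pw_hash is None:
            return False
        return hmac.compare_digest(acct.pw_hash, _hash(password, acct.salt))

    def oauth_register(self, email, subject, harden=True):
        """Link an OAuth identity, merging into a preexisting account if one exists."""
        acct = self.by_email.get(email.lower())
        if acct is None:
            acct = self.by_email[email.lower()] = Account(email.lower())
        elif harden:
            # Merge case: whoever set the old password may not be the OAuth user,
            # so the old password (and, by assumption, old sessions) stop working.
            acct.pw_hash = None
            acct.sessions.clear()
        acct.oauth_subject = subject
        return acct

def old_password_still_works(harden):
    # Constructed data: an account exists for the address before the OAuth sign-up.
    store = AccountStore()
    store.register_password("user@example.com", "preexisting-password")
    store.oauth_register("user@example.com", "idp|12345", harden=harden)
    return store.password_login("user@example.com", "preexisting-password")
```

With `harden=False` the merged account keeps its old password, which is the condition the new `account_squatting` entry describes.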

@plr0man plr0man added this to the v1.10 milestone Nov 5, 2020
@plr0man plr0man requested a review from adamrdavid November 5, 2020 17:12
},
{
"id": "account_squatting",
"remediation_advice": "In case of OAuth based account registration, ensure that if there is a preexisting account for the same email address and is to be merged, that it will no longer be accessible with its old password"
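
Review bot: The "remediation_advice" string for "account_squatting" is hard to parse in the clause "and is to be merged, that it will no longer be accessible" (the subject is dropped and "that" is repeated), and the sentence has no closing period. Suggest rewording along the lines of "ensure that if a preexisting account for the same email address is to be merged, it is no longer accessible with its old password." so the advice reads as one complete sentence.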
Contributor

do we want a period on the end?

Contributor Author

I wondered if anybody would notice :)

@plr0man plr0man requested a review from jquinard November 17, 2020 17:01
@adamrdavid adamrdavid merged commit abfb00a into master Dec 3, 2020
@adamrdavid adamrdavid deleted the add-oauth-squatting branch December 3, 2020 20:25

Successfully merging this pull request may close these issues.

Oauth Squatting
