OAuth2: Predictable State
This exercise covers the exploitation of a predictable state parameter in an OAuth2 client. The client derives state from the current time instead of from a cryptographically random value, so an attacker can predict it, and the CSRF protection that state is meant to provide no longer holds. Because the state check is the only thing that stops a cross-site request from completing the authorization flow, the attacker can make the victim's client account link to an account the attacker controls on the Authorization Server, then sign in through that account to reach the victim's data.
To exploit the vulnerability, the attacker registers an account on the Authorization Server and runs the OAuth2 dance with it, observing how the state parameter changes between runs to confirm it is derived from the time. The attacker then builds a payload that first primes the victim's session by starting the account-linking flow from the victim's browser, and then submits the attacker's own valid authorization code to the client's callback with each candidate state value in a window around the priming time. As soon as one state matches, the client accepts the code and links the victim's account to the attacker's Authorization Server account. The exercise highlights why state must be an unguessable, session-bound random value: without that, the OAuth2 flow offers no CSRF protection.
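The attack and the fix side by side, as an added Python simulation that is not part of the exercise or its target application. The time-to-state formula (MD5 of the Unix second), the toy authorization server and client classes, the session cookie, the account name and the priming time are all assumptions made for the illustration; the real exercise's exact derivation is not given on the page. The attacker already knows the formula from observing their own OAuth2 dance and only has to guess roughly when the victim's session was primed.

```python
import hashlib
import hmac
import secrets


# Hypothetical state derivation of the vulnerable client: MD5 of the current
# Unix time in seconds. The exact formula in the exercise is not on the page;
# this stand-in has the same property, it is predictable.
def predictable_state(unix_seconds: int) -> str:
    return hashlib.md5(str(unix_seconds).encode()).hexdigest()


def random_state() -> str:
    """Hardened variant: 256 bits from the OS CSPRNG, unguessable by design."""
    return secrets.token_urlsafe(32)


class AuthorizationServer:
    """Toy AS (constructed): issues single-use authorization codes."""

    def __init__(self):
        self._codes = {}

    def issue_code(self, as_account: str) -> str:
        code = secrets.token_hex(8)
        self._codes[code] = as_account
        return code

    def exchange(self, code: str):
        # Codes are single-use: a successful exchange removes the code.
        return self._codes.pop(code, None)


class OAuthClient:
    """Toy client (constructed) with a 'link your AS account' flow.

    predictable=True reproduces the flaw, predictable=False is the fix.
    """

    def __init__(self, auth_server: AuthorizationServer, predictable: bool):
        self.auth_server = auth_server
        self.predictable = predictable
        self.sessions = {}  # client session id -> {"state": ..., "linked": ...}

    def start_link(self, session_id: str, now: int) -> str:
        """Priming step: stores the state in the session and returns the AS URL."""
        state = predictable_state(now) if self.predictable else random_state()
        self.sessions[session_id] = {"state": state, "linked": None}
        return ("https://as.example/authorize?response_type=code"
                f"&client_id=demo&state={state}")

    def callback(self, session_id: str, state: str, code: str) -> bool:
        sess = self.sessions.get(session_id)
        # State is compared (constant-time) before the code exchange, so a
        # wrong guess does not consume the attacker's code.
        if sess is None or not hmac.compare_digest(sess["state"], state):
            return False
        account = self.auth_server.exchange(code)
        if account is None:
            return False
        sess["linked"] = account
        return True


def brute_force_link(client, victim_session, attacker_code, guess, window):
    """Attacker step: replay one valid code with every state in a time window."""
    for t in range(guess - window, guess + window + 1):
        if client.callback(victim_session, predictable_state(t), attacker_code):
            return t
    return None


def run_scenario(predictable: bool, window: int = 30):
    auth_server = AuthorizationServer()
    client = OAuthClient(auth_server, predictable)
    victim_session = "victim-session-cookie"   # constructed
    primed_at = 1_700_000_000                  # constructed priming time
    client.start_link(victim_session, primed_at)
    attacker_code = auth_server.issue_code("attacker@as.example")  # constructed
    # The attacker's clock guess is a few seconds off; the window absorbs it.
    hit = brute_force_link(client, victim_session, attacker_code,
                           primed_at + 7, window)
    return {
        "linked_to": client.sessions[victim_session]["linked"],
        "guessed_time": hit,
        "code_consumed": auth_server.exchange(attacker_code) is None,
    }


if __name__ == "__main__":
    print("predictable state:", run_scenario(True))
    print("random state:     ", run_scenario(False))
```

With the time-based state the loop finds the priming second and the victim's session ends up linked to the attacker's Authorization Server account; with the random state every guess fails and the attacker's code is never redeemed. Note the ordering in `callback`: because state is validated before the code is exchanged, a wrong guess leaves the single-use code intact, which is what makes a brute force over a time window practical against a client like this.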