What is the real importance of the OAuth *state* parameter?
1 point by DBformore on March 13, 2024 | 2 comments
A lot of developers are not sure about the answer.

Security researchers from Salt could install malicious ChatGPT plugins, just because of a minor state mistake that ChatGPT made.

If you want to understand OAuth, this post is for you: https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data



Could you elaborate? What do you mean by "could install malicious ChatGPT plugins"?


ChatGPT plugins (think mini-apps for ChatGPT) expand functionality to ChatGPT but introduce new attack vectors. Those security researchers could install a malicious ChatGPT, that they wrote, on another victim account.
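
Added example, not part of the thread or of the linked post: a minimal sketch of how a client binds `state` to the user's session and checks it on the callback, which is the general CSRF protection described in RFC 6749 section 10.12. `StateStore`, the session ids and the `idp.example` / `app.example` URLs are hypothetical, and the in-memory dict stands in for a real server-side session store.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


class StateStore:
    """In-memory stand-in for a server-side session store (assumption)."""

    def __init__(self):
        self._pending = {}  # session_id -> state issued to that session

    def begin_authorization(self, session_id, authorize_url, client_id, redirect_uri):
        """Return an authorization URL carrying a fresh state bound to this session."""
        state = secrets.token_urlsafe(32)  # unguessable, never reused
        self._pending[session_id] = state
        query = urlencode({
            "response_type": "code",
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "state": state,
        })
        return f"{authorize_url}?{query}"

    def verify_callback(self, session_id, callback_url):
        """Return the authorization code, or None if state is missing, foreign or replayed."""
        params = parse_qs(urlsplit(callback_url).query)
        returned = params.get("state", [""])[0]
        # pop() makes the state single-use; a failed check also consumes it (fail closed).
        expected = self._pending.pop(session_id, None)
        if expected is None or not returned:
            return None
        if not hmac.compare_digest(expected.encode(), returned.encode()):
            return None
        return params.get("code", [None])[0]


if __name__ == "__main__":
    # Constructed sample values; idp.example and app.example are placeholders.
    store = StateStore()
    url = store.begin_authorization("sess-A", "https://idp.example/authorize",
                                    "client-123", "https://app.example/cb")
    state = parse_qs(urlsplit(url).query)["state"][0]
    cb = f"https://app.example/cb?code=abc&state={state}"
    print(store.verify_callback("sess-A", cb))   # code accepted once
    print(store.verify_callback("sess-A", cb))   # replay rejected
```

A callback whose `state` was issued to a different session, or that carries no `state` at all, returns `None`, so the code in it is never exchanged or attached to the current user's account.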



