
Emerging Issue Briefing Replay: Newly Discovered Weaknesses Put Web-Based Authentication at Risk

 

A newly disclosed vulnerability class has emerged, caused by a weakness in the underlying standards for OAuth 2.0, OpenID Connect and FAPI. Although they were discovered months ago, these new “audience-injection” vulnerabilities only came out of embargo on April 25 and haven't gotten much attention. Things will get complicated because this isn't a vulnerability in a single library, but rather in the standards that individual library developers adhere to.

In this briefing, Jake Williams details the underlying issues, explains why security teams should be prioritizing this and provides steps to take, specifically from a third-party risk management perspective.
