Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations.
These attacks can bypass phishing detection and email security solutions and, at the same time, give phishing URLs a false sense of legitimacy, since the link the victim sees points at a legitimate domain before redirecting.
The campaigns observed by Proofpoint target Outlook Web Access, PayPal, Microsoft 365, and Google Workspace.
How the attack works
OAuth 2.0 is a widely adopted authorization protocol that lets a web or desktop application access resources controlled by the end user, such as their email, contacts, profile information, or social accounts, without the user handing that application their password.
The flow relies on the user granting a particular application access on the identity provider's consent screen; the authorization server then issues an access token that the application presents to the resource server (the user's mailbox, for example) to act on the user's behalf. Although OAuth 2.0 is often used as the basis for sign-in, it is an authorization protocol, not an authentication one.
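The first leg of that flow, as an added example that is not part of the original article or of Proofpoint's research: the client builds the authorization request, the authorization server checks the requested redirect_uri against the URIs registered for that client, and only then redirects the browser back with an authorization code. The article does not say which implementation weakness the campaigns abuse; the example assumes one common weakness, prefix matching of redirect_uri, and contrasts it with the exact string comparison RFC 6749 section 3.1.2.3 requires. All client IDs, hostnames and codes below are constructed for illustration.

```python
"""Added example: OAuth 2.0 authorization-code flow, authorization request
and redirect_uri validation. Not code from Proofpoint or any vendor named
in the article; all identifiers and URLs are constructed."""
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed client registry: client_id -> full registered redirect URIs.
REGISTERED_CLIENTS = {
    "mailclient-123": ["https://mail.example.com/oauth/callback"],
}

# Constructed authorization endpoint of a hypothetical identity provider.
AUTHORIZATION_ENDPOINT = "https://idp.example.net/oauth2/authorize"


def build_authorization_url(client_id, redirect_uri, scope, state):
    """Client side: the URL the user's browser is sent to for consent
    (RFC 6749 section 4.1.1). state is echoed back to bind the response
    to this browser session."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}"


def _origin(uri):
    """scheme://host[:port] of a URI, used only by the weak check below."""
    parts = urlsplit(uri)
    return f"{parts.scheme}://{parts.netloc}"


def redirect_uri_allowed_loose(client_id, redirect_uri):
    """Weak check (assumed failure mode, shown for contrast): accept any
    redirect_uri that starts with the registered origin. Because
    'https://mail.example.com' is a string prefix of
    'https://mail.example.com.attacker.example/', an attacker-controlled
    host passes and receives the authorization code."""
    registered = REGISTERED_CLIENTS.get(client_id, [])
    return any(redirect_uri.startswith(_origin(r)) for r in registered)


def redirect_uri_allowed_strict(client_id, redirect_uri):
    """Correct check: simple string comparison against the full registered
    URI, as RFC 6749 section 3.1.2.3 requires. No prefix, wildcard or
    substring matching."""
    return redirect_uri in REGISTERED_CLIENTS.get(client_id, [])


def authorize(client_id, redirect_uri, state, allowed=redirect_uri_allowed_strict):
    """Authorization server side, after the user has consented.
    Returns ("redirect", url) on success or ("error", reason).
    RFC 6749 section 4.1.2.1: when redirect_uri is invalid the server must
    not redirect at all, so the error goes straight to the user agent."""
    if client_id not in REGISTERED_CLIENTS:
        return ("error", "unknown client_id")
    if not allowed(client_id, redirect_uri):
        return ("error", "redirect_uri does not match registration")
    code = secrets.token_urlsafe(24)  # single-use authorization code
    separator = "&" if "?" in redirect_uri else "?"
    return ("redirect", f"{redirect_uri}{separator}{urlencode({'code': code, 'state': state})}")


if __name__ == "__main__":
    good = "https://mail.example.com/oauth/callback"
    evil = "https://mail.example.com.attacker.example/"  # constructed attacker host
    print(build_authorization_url("mailclient-123", good, "mail.read", "s1"))
    print("loose, attacker URI:", authorize("mailclient-123", evil, "s1", redirect_uri_allowed_loose))
    print("strict, attacker URI:", authorize("mailclient-123", evil, "s1"))
    print("strict, registered URI:", authorize("mailclient-123", good, "s1"))
```

Running the script shows the loose check redirecting the browser, code included, to the attacker-controlled host, while the strict check refuses to redirect anywhere. The same exact-match discipline applies to any allow-list an identity provider consults before issuing a redirect, whether for OAuth callbacks or for post-login return URLs.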