By kannthu
The "Oauth Credentials Json" module is designed to detect misconfigurations related to the exposure of OAuth credentials in JSON files. OAuth credentials are used for authentication and authorization in various applications and services. This module focuses on identifying instances where the "client_id" and "client_secret" values are exposed in the "oauth-credentials.json" file.
This module has a low severity level, indicating that the potential impact of the exposure is relatively limited. However, it is still important to address this issue to prevent unauthorized access to sensitive information.
This module was authored by DhiyaneshDK.
If the OAuth credentials are exposed in the "oauth-credentials.json" file, it can potentially lead to unauthorized access to the associated application or service. Attackers who gain access to these credentials may be able to impersonate legitimate users, access sensitive data, or perform unauthorized actions.
The "Oauth Credentials Json" module works by sending a GET request to the "/oauth-credentials.json" path. It then applies matching conditions to determine if the file contains the "client_id" and "client_secret" values and if the response status is 200 (OK).
The matching conditions used in this module are:
- Check if the "client_id" and "client_secret" values are present in the file.
- Verify that the response status is 200 (OK).

If both conditions are met, the module will report a vulnerability, indicating that the OAuth credentials are exposed in the JSON file.
Example HTTP request:
GET /oauth-credentials.json
Note: The actual JSON definitions of the module are not shown here for simplicity.
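The check described above, written out as an added example in Python. This is not Vidoc's module definition or DhiyaneshDK's code; it reproduces the same two matching conditions (both credential keys present, HTTP status 200) over constructed sample responses so the logic can be exercised offline, and the `fetch` helper, the `Response` type and the sample bodies are assumptions of this example. Findings are reported by key name only, so the secret value never lands in scan output or logs.

```python
"""Added example: re-implement the "Oauth Credentials Json" matching logic.

Not the Vidoc module itself. The path and the two conditions come from the
module description; Response, fetch() and the sample bodies are constructed
for this example.
"""
import json
import urllib.error
import urllib.request
from dataclasses import dataclass
from urllib.parse import urljoin

TARGET_PATH = "/oauth-credentials.json"          # path probed by the module
REQUIRED_KEYS = frozenset({"client_id", "client_secret"})


@dataclass
class Response:
    """Minimal HTTP response view: status code and decoded body."""
    status: int
    body: str


def credential_keys_found(body: str) -> frozenset:
    """Return the subset of REQUIRED_KEYS present in the body.

    The body is parsed as JSON and searched at any nesting depth, so a file
    like {"web": {"client_id": ..., "client_secret": ...}} still matches.
    If the body is not valid JSON, fall back to a plain substring match,
    which is what a word-style matcher on the raw response would do.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return frozenset(k for k in REQUIRED_KEYS if k in body)

    found = set()

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key in REQUIRED_KEYS:
                    found.add(key)
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(doc)
    return frozenset(found)


def is_exposed(resp: Response) -> bool:
    """Both module conditions: status 200 AND both keys present."""
    return resp.status == 200 and credential_keys_found(resp.body) == REQUIRED_KEYS


def finding_summary(resp: Response) -> str:
    """Human-readable result that names the keys but never echoes values."""
    if not is_exposed(resp):
        return "no finding"
    keys = ", ".join(sorted(credential_keys_found(resp.body)))
    return f"exposed OAuth credential keys at {TARGET_PATH}: {keys} (values withheld)"


def fetch(base_url: str, timeout: float = 10.0) -> Response:
    """Issue the module's GET request against one of your own hosts.

    Hypothetical helper; non-2xx responses are returned rather than raised so
    the status condition can be evaluated like any other response.
    """
    req = urllib.request.Request(urljoin(base_url, TARGET_PATH),
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, e.read().decode("utf-8", "replace"))


# Constructed sample responses (placeholder values, not real credentials).
SAMPLE_EXPOSED = Response(200, json.dumps(
    {"web": {"client_id": "PLACEHOLDER-ID.apps.example",
             "client_secret": "PLACEHOLDER-SECRET"}}))
SAMPLE_NOT_FOUND = Response(404, '{"client_id": "x", "client_secret": "y"}')
SAMPLE_PARTIAL = Response(200, '{"client_id": "PLACEHOLDER-ID"}')
SAMPLE_RAW_TEXT = Response(200, 'client_id=PLACEHOLDER client_secret=PLACEHOLDER')


def run_samples() -> dict:
    """Evaluate every constructed sample; used for the stand-alone run."""
    return {
        "exposed": is_exposed(SAMPLE_EXPOSED),
        "not_found": is_exposed(SAMPLE_NOT_FOUND),
        "partial": is_exposed(SAMPLE_PARTIAL),
        "raw_text": is_exposed(SAMPLE_RAW_TEXT),
    }


if __name__ == "__main__":
    for name, flagged in run_samples().items():
        print(f"{name:10s} -> {'FINDING' if flagged else 'clean'}")
    print(finding_summary(SAMPLE_EXPOSED))
```

The 404 sample shows why the status condition matters: a catch-all error page that echoes the requested path, or a JSON error body, can contain the key names without being the file itself. The partial sample shows that one key alone is not reported, matching the module's "both present" rule.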