What is the real importance of the OAuth *state* parameter?
A lot of developers are not sure about the answer.
Security researchers from Salt could install malicious ChatGPT plugins, just because of a minor state mistake that ChatGPT made.
If you want to understand OAuth, this post is for you:
https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

Could you elaborate?
What do you mean by "could install malicious ChatGPT plugins"?

ChatGPT plugins (think mini-apps for ChatGPT) expand functionality to ChatGPT but introduce new attack vectors.
Those security researchers could install a malicious ChatGPT plugin, that they wrote, on another victim's account.