Coinbase: open authentication bug

2015-02-18T13:26:26
ID H1:48065
Type hackerone
Reporter ckmk44
Modified 2015-03-11T16:19:22

Description

Hi, If developer registers one of the three url's with out http protocol (ex:example.com) in oauth registration then he would be redirected to www.coinbase.comexample.com.This makes the user to redirect to another site than the real application.Attacker could take advantage of this and steal the token using that site as a medium. Type:Oauth impact:high authentication:yes this works if developer does a mistake but the vulnerability lies in the coinbase oauth. Proof of concept: https://www.coinbase.com/oauth/authorize?response_type=code&client_id=3616ab93541ef90540a0c991e113b22c1ccefa96996f70fcdc49a68d900cb761&redirect_uri=prashanthvarma.in/code.php&scope=user

Thank you, prashanth varma