Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Impact Dex instances with public clients and by extension, clients accepting tokens issued by those Dex instances are affected by this vulnerability. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the...