V4 - Access Control
OAuth Missing/Broken State Parameter
POC
- The state parameter, i.e. the anti-CSRF token that prevents session hijacking attacks, is missing from the Google OAuth flow.
- Check the authorization URL: it contains no state parameter to maintain session identity.
Impact
Low
Likelihood
Low
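
One way to fix and re-test this finding, as an added example that is not code from the assessed application: issue a random state per login, bind it to the session, and reject any callback whose state does not match. The function names and the dictionary used as a session store are assumptions, and the client ID and redirect URI are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Google's OAuth 2.0 authorization endpoint.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def has_state(auth_url: str) -> bool:
    """Re-test check: True only if the URL carries one non-empty state value."""
    # parse_qs drops blank values, so "state=" counts as missing.
    values = parse_qs(urlparse(auth_url).query).get("state", [])
    return len(values) == 1


def begin_login(session: dict, client_id: str, redirect_uri: str) -> str:
    """Generate an unguessable state, store it server-side, build the URL."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # hypothetical session key
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid email",
        "state": state,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def callback_state_ok(session: dict, callback_url: str) -> bool:
    """Accept the callback only if its state equals the one issued.

    The stored value is popped first, so every state is single-use.
    """
    expected = session.pop("oauth_state", None)
    received = parse_qs(urlparse(callback_url).query).get("state", [])
    if expected is None or len(received) != 1:
        return False
    # Constant-time comparison of the issued and returned values.
    return hmac.compare_digest(expected.encode(), received[0].encode())


if __name__ == "__main__":
    sess = {}  # constructed stand-in for a server-side session
    url = begin_login(sess, "example-client-id", "https://app.example/callback")
    print("state present:", has_state(url))
    cb = "https://app.example/callback?code=abc&state=" + sess["oauth_state"]
    print("callback accepted:", callback_state_ok(sess, cb))
```

The authorization code should be exchanged for tokens only after `callback_state_ok` returns True.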