WOW SAVE 20% on the All Access Bundle. Use "OAUTH20OFF" at checkout.
WOW SAVE 20% on the All Access Bundle. Use "OAUTH20OFF" at checkout.
Recently we was approached by a public sector team that provided detail of a vulnerability in version prior to 3.1.5. The vulnerability was a label as major but in reality it was a tad smaller. The issue was that 2 functions that generated auth codes and access token was not secure, other wise meaning that in an out of this world chance that some could guess a 40 character auth code within 30 seconds of it being created, they could use it to request an access token.
Although it was nothing to really worry about, we did take the issue seriously and released a patch in version 3.1.5 that uses a new means of randomly generating tokens and auth codes.
How to Fix:
Update to the latest version of WP OAuth Server.
If you have any questions or questions please feel free to submit a support request at https://wp-oauth.com/account/submit-ticket/.
