Detections
Analytics

Google API OAuth Credentials Detected

high Web App Scanning Plugin ID 113124

Language:

Synopsis

Google API OAuth Credentials Detected

Description

Google APIs support the OAuth 2.0 protocol for authentication and authorization in different deployment scenarios. In order to gain access to Google APIs and in some scenarios, the client application has to authenticate itself against the Google authorization servers by using credentials such as a client ID and a client secret and then retrieve a valid access token.

In the context of web server applications, the OAuth 2.0 secret used to retrieve the token is sensitive and, if leaked with the client ID, can lead to an attacker impersonating the vulnerable application and performing arbitrary requests against Google APIs.

Solution

Ensure that the OAuth 2.0 client ID and secret are not exposed by removing the file storing it, or at least setting proper permissions on it and ensuring that its content is encrypted. If OAuth 2.0 credentials are found to be leaked, developers should reset it through the Google developer console to avoid it from being reused by an unauthorized actor.

See Also

https://cloud.google.com/security/compromised-credentials

https://developers.google.com/identity/protocols/oauth2

https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/

Plugin Details

Severity: High

ID: 113124

Type: remote

Published: 2/1/2022

Updated: 2/1/2022

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS Score Source: Tenable

Reference Information