← LibraryTechnique entry
W-OAUTH-STATECredential Access
OAuth — Missing state / PKCE
Login-CSRF on OAuth: attacker logs the victim into an attacker-controlled provider account.
§ Where this technique fits
W-OAUTH-STATE is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.