Kaixuan Luo
Kaixuan Luo is a PhD candidate at the Mobile Technologies Centre (MobiTeC), the Chinese University of Hong Kong (CUHK). His research focuses on web security and its intersection with digital identities. He is a three-time Black Hat USA speaker and has published his research at USENIX Security and IEEE S&P.
Session
05-29
11:00
30min
Understanding OAuth Session Fixation in Connector Ecosystems
Kaixuan Luo
Session fixation attacks affect certain OAuth-related standards but remain unexamined in mainstream OAuth 2.0 deployments. We identify 40+ vulnerable vendors in "connector ecosystems" for app integration and agentic AI, and propose mitigations.
Work Lab II
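As an added illustration (not code from the talk, and not any vendor's implementation), the Python simulation below shows the general shape of a session-fixation style attack on a connector's OAuth 2.0 authorization-code callback: an attacker obtains an authorization code for an account they control and has the victim's browser deliver it to the connector, so the victim's session ends up linked to the attacker's account. It also shows the session-bound `state` check that RFC 6749 section 10.12 prescribes as the baseline mitigation. The `AuthorizationServer`, `Connector` and `Session` classes, the client id and the account names are constructed for this example; the specific vendor weaknesses covered in the session are not reproduced here.

```python
"""Simulated OAuth 2.0 authorization-code connector (constructed example).

Shows why the redirect_uri callback must be bound to the browser session that
started the link flow, and what happens when it is not.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class AuthorizationServer:
    """Toy provider: issues one-time codes tied to the account that consented.
    Like a real provider, it reflects `state` back unchanged and never checks it."""

    def __init__(self) -> None:
        self._codes: Dict[str, Tuple[str, str]] = {}

    def authorize(self, account: str, client_id: str, state: Optional[str]) -> dict:
        code = secrets.token_urlsafe(16)
        self._codes[code] = (account, client_id)
        params = {"code": code}
        if state is not None:
            params["state"] = state
        return params  # query parameters the browser carries to the connector's redirect_uri

    def exchange(self, code: str, client_id: str) -> str:
        account, issued_to = self._codes.pop(code)  # codes are single use
        if issued_to != client_id:
            raise PermissionError("code was issued to a different client")
        return f"access-token-for:{account}"


@dataclass
class Session:
    """Connector-side login session identified by the browser's cookie."""
    user: str
    oauth_state: Optional[str] = None
    linked_token: Optional[str] = None


class Connector:
    """Integration app that lets a logged-in user link a third-party account."""

    CLIENT_ID = "connector-app"  # hypothetical client id

    def __init__(self, provider: AuthorizationServer, check_state: bool) -> None:
        self.provider = provider
        self.check_state = check_state  # False = the weak pattern, True = mitigated

    def start_link(self, session: Session) -> Optional[str]:
        """Begin a link flow; returns the `state` to put in the authorization request."""
        if not self.check_state:
            return None  # weak pattern: no state at all
        session.oauth_state = secrets.token_urlsafe(32)  # unguessable, stored in this session
        return session.oauth_state

    def callback(self, session: Session, params: dict) -> bool:
        """Handle /oauth/callback?code=...&state=... in the context of `session`."""
        if self.check_state:
            expected = session.oauth_state
            session.oauth_state = None  # accept each state once
            if expected is None or not secrets.compare_digest(expected, params.get("state", "")):
                return False  # callback not bound to a flow this session started
        session.linked_token = self.provider.exchange(params["code"], self.CLIENT_ID)
        return True


def run_fixation(check_state: bool) -> Optional[str]:
    """Attacker forces their own authorization code onto the victim's session.
    Returns whatever token the victim's session ends up linked to."""
    provider = AuthorizationServer()
    connector = Connector(provider, check_state)
    attacker, victim = Session(user="attacker"), Session(user="victim")

    # 1. Attacker starts a link flow in their own session and consents with an
    #    account they control, but intercepts the redirect instead of following it.
    attacker_state = connector.start_link(attacker)
    redirect_params = provider.authorize("attacker@provider", Connector.CLIENT_ID, attacker_state)

    # 2. The logged-in victim is lured into loading that callback URL (link, image
    #    tag, open redirect). Their browser attaches the victim's session cookie.
    connector.start_link(victim)  # even a flow the victim started does not help the attacker
    connector.callback(victim, redirect_params)
    return victim.linked_token


def run_legitimate(check_state: bool) -> Optional[str]:
    """Normal flow: the same session starts the link and receives the callback."""
    provider = AuthorizationServer()
    connector = Connector(provider, check_state)
    victim = Session(user="victim")
    state = connector.start_link(victim)
    redirect_params = provider.authorize("victim@provider", Connector.CLIENT_ID, state)
    connector.callback(victim, redirect_params)
    return victim.linked_token


if __name__ == "__main__":
    print("no state check  :", run_fixation(check_state=False))  # victim bound to attacker's account
    print("with state check:", run_fixation(check_state=True))   # rejected, nothing linked
```

Without the check, the victim's connector is silently bound to the attacker's provider account, so anything the victim later pushes through the integration lands in the attacker's hands. The `state` binding stops this because the value was minted inside the victim's session and the attacker never learns it; in practice it must also be single-use and compared in constant time, and the same binding is needed for any other callback that carries an identity (PKCE and the `iss` parameter from RFC 9207 address related but different problems).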