Talk to our security experts and see Miggo in action.
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The vulnerability does not appear to be patched according to the following discussion.
Miggo AIMiggo AIMiggo AIMiggo AIRoot Cause Analysis: