What is a Sensitive Data Hardcoded OAuth Secret Vulnerability?

The client secret (OAuth 2.0 client secret) is the credential an OAuth client uses to authenticate to the authorization server. It is meant to be known only to the OAuth client and the authorization server; hardcoding it in source code, build artifacts or shipped configuration exposes it to anyone who can read those files.

Bug bounty hunters and attackers treat hardcoded secret keys as easy targets: they are simple to identify, and they can open a broad door to sensitive data and privileged access.

Obtaining the client secret may allow a malicious program to impersonate your application and inherit any authorization granted to it. This might involve replaying access and refresh tokens to gain unauthorized access to a user's account.
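As an added illustration (not code from the original page or from ZOFixer), the following check walks a Python module's syntax tree and flags any place where a name resembling an OAuth client secret is bound to a string literal, while a value read from the environment passes. The identifier pattern and the two constructed sample modules are assumptions made for the example.

```python
"""Flag OAuth client secrets hardcoded as string literals in Python source.
Added example, not from the original page: literals are findings, values
read from os.environ or a secrets manager are not literals and pass."""
import ast
import re

# Identifier patterns that commonly hold an OAuth client secret (assumption).
SECRET_NAME = re.compile(r"client[_-]?secret|oauth[_-]?secret", re.IGNORECASE)


def _target_names(node: ast.AST) -> list:
    """Return the names bound by an assignment target (Name, Attribute, tuple)."""
    if isinstance(node, ast.Name):
        return [node.id]
    if isinstance(node, ast.Attribute):
        return [node.attr]
    if isinstance(node, (ast.Tuple, ast.List)):
        return [n for elt in node.elts for n in _target_names(elt)]
    return []


def find_hardcoded_secrets(source: str) -> list:
    """Return (line, name) pairs where a secret-like name is bound to a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            pairs = [(t, node.value) for t in node.targets]
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            pairs = [(node.target, node.value)]
        elif isinstance(node, ast.Call):
            # Keyword arguments such as client_secret="..." passed to an OAuth library.
            pairs = [(ast.Name(id=kw.arg), kw.value) for kw in node.keywords if kw.arg]
        else:
            continue
        for target, value in pairs:
            # Only a literal string counts; os.environ["..."] is a Subscript node.
            if isinstance(value, ast.Constant) and isinstance(value.value, str):
                for name in _target_names(target):
                    if SECRET_NAME.search(name):
                        findings.append((value.lineno, name))
    return findings


# Constructed samples: the first module hardcodes the secret, the second reads it at runtime.
VULNERABLE = 'CLIENT_ID = "app-123"\nCLIENT_SECRET = "s3cr3t-example-value"\n'
HARDENED = 'import os\nCLIENT_ID = "app-123"\nCLIENT_SECRET = os.environ["OAUTH_CLIENT_SECRET"]\n'
```

Running the check over a repository before release catches the literal before it ships; the hardened form keeps the secret in the deployment environment, where it can be rotated without a code change.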

The ZOFixer.com security scan helps find this vulnerability in your software and server; you can use it by registering on our website and activating the 30-day trial.
