Hacker News
What is the real importance of the OAuth *state* parameter?
1 points by DBformore 826 days ago
A lot of developers are not sure about the answer.

Security researchers from Salt could install malicious ChatGPT plugins, just because of a minor state mistake that ChatGPT made.

If you want to understand OAuth, this post is for you: https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

1 comments

Could you elaborate? What do you mean by "could install malicious ChatGPT plugins"?
ChatGPT plugins (think mini-apps for ChatGPT) expand functionality to ChatGPT but introduce new attack vectors. Those security researchers could install a malicious ChatGPT, that they wrote, on another victim account.