Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

Summary

Researchers have discovered a method to silently hijack OAuth tokens from Claude Code's MCP (Model Context Protocol) traffic. Attackers can exploit this to gain persistent access to connected SaaS platforms without the user noticing.

IFF Assessment

FOE

This vulnerability allows attackers to steal sensitive OAuth tokens, granting them unauthorized and persistent access to connected SaaS platforms, which is detrimental to defenders.

Severity

8.0 High (AI Estimated)

The CVSS score is estimated at 8.0 due to the potential for high impact, as attackers can gain persistent access to sensitive SaaS platforms by stealing OAuth tokens. The attack vector involves network manipulation, and the exploitability is likely moderate.

Defender Context

This incident highlights the risks associated with OAuth token security, particularly in tools such as Claude Code that integrate with third-party services. Defenders should monitor for unusual access patterns to connected SaaS applications and ensure proper token revocation and management processes are in place.