Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

Claude Code OAuth Tokens Vulnerable to Stealthy MCP Hijacking

Recent research from Mitiga has unveiled a significant security vulnerability within Claude Code's Managed Control Plane (MCP) that could allow attackers to intercept OAuth tokens. This exploit enables unauthorized access to connected Software as a Service (SaaS) platforms, raising critical concerns for developers and security teams alike.

What Happened

Mitiga's findings indicate that attackers can redirect Claude Code MCP traffic to their own infrastructure, effectively performing a man-in-the-middle (MitM) attack. By manipulating the configuration file located at ~/.claude.json, adversaries can alter the MCP server settings to include their proxy address. This manipulation allows them to capture OAuth tokens as they are transmitted, granting them extensive access to various connected applications.

Why It Matters

The implications of this vulnerability are severe. OAuth tokens serve as digital keys, granting access to numerous tools and services. If compromised, these tokens can be used by attackers to bypass multi-factor authentication and gain unauthorized access to sensitive data and systems. The stealthy nature of this attack means that users may remain unaware of any compromise, as the traffic appears legitimate and normal from their perspective.

Affected Users or Organizations

📬 Stay ahead of the threat

Get the latest SOC guides, threat intel, and detection engineering — straight to your inbox.

Subscribe Free →

✓ You're subscribed!

Organizations utilizing Claude Code for development and deployment are at risk. This includes teams relying on the MCP for managing their SaaS integrations. The potential for widespread access to sensitive information makes this vulnerability particularly concerning for companies in regulated industries or those handling confidential data.

Recommended Actions

• Monitor Configuration Changes: Regularly audit the Claude Code configuration for any unauthorized modifications, especially to the MCP server URL.
• Track OAuth Token Behavior: Implement logging to monitor token refresh activities and detect any anomalies in OAuth usage.
• Analyze API Activity: Keep an eye on SaaS API interactions for any suspicious behavior that may indicate a breach.
• Review Network Traffic: Examine traffic through MCP integrations to identify unexpected patterns that could suggest a MitM attack.
• Assume Compromise: Adopt a proactive security posture by treating potential compromises as a given until proven otherwise.

In light of these findings, organizations must act swiftly to bolster their security measures and mitigate the risks associated with this vulnerability. Waiting for a formal patch or solution could lead to severe consequences, making vigilance and proactive monitoring essential in today's threat landscape.