Back to directory

WRITEUP #1050

nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover

OAuthAccount takeover

by@descopeinc(Descope)

Program

Microsoft (Azure AD)

Published

Jun 20, 2023

Added to HackDex

Jun 21, 2023

Read Full Writeuphttps://www.descope.com/blog/post/noauth

▸ RELATED WRITEUPS

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

OAuthAccount takeover

Self XSS + Login CSRF + OAuth = Account Takeover

Auth BypassAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

How I Got $250 For My Second Bug on HackerOne

OAuthSession expiration issue

Built with ❤️ by Shubham Rawat