WRITEUP #1535

Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover

Auth BypassAccount takeoverSSOOTPAuthentication bypass

byAidil Arief

Program

Published

Feb 20, 2023

Added to HackDex

Mar 6, 2023

Read Full Writeuphttps://aidilarf.medium.com/bypassing-sso-authentication-from-the-login-without-password-feature-lead-to-account-takeover-d2322a33a208

▸ RELATED WRITEUPS

Forced SSO Session Fixation

Auth BypassSSO

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Account takeover on 8 years old public program

Auth BypassAccount takeover

Breaking the Barrier: Admin Panel Takeover Worth $3500

Auth BypassAuthentication bypass

Built with ❤️ by Shubham Rawat