Firebase: Insecure by Default (feat. that one time our classmates tried to sue us)

Authorization bypass due to cache misconfiguration

The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover