Back to directory

WRITEUP #2737

ATO without any interaction [aws cognito misconfiguration]

Auth BypassAccount takeoverLack of rate limiting

by@SPY8OY(Shreyaskoli)

Bounty

550

Program

GitHub

Published

Apr 30, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://shreyaskoli.medium.com/ato-without-any-interaction-aws-cognito-misconfiguration-d690f4b3da11

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Account takeover on 8 years old public program

Auth BypassAccount takeover

$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat