WRITEUP #3396

This is why you shouldn’t trust your Federated Identity Provider

Tags: OAuth, Account takeover, Authentication bypass
by @wld_basha (Soufiane Habti)
Bounty: 1,500
Program: -
Published: Sep 15, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://medium.com/@soufianehabti/this-is-why-you-shouldnt-trust-your-federated-identity-provider-62160f50d8b2
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuth, Account takeover
Self XSS + Login CSRF + OAuth = Account Takeover
Auth Bypass, Account takeover
Vulnerabilities in Open Source C2 Frameworks
RCE, OS command injection
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover

Built with ❤️ by Shubham Rawat