WRITEUP #3728

Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps

Auth Bypass, SSO, Broken authentication, Account takeover
by @samm0uda (Youssef Sammouda)
Bounty: 12,000
Program: Meta / Facebook
Published: May 20, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://ysamm.com/?p=697
RELATED WRITEUPS
Forced SSO Session Fixation
Auth Bypass, SSO
Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!
Auth Bypass, Broken authentication
Plug Security Holes in React Apps That Can Lead to API Exploitation
Auth Bypass, SSO
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass, 2FA / MFA bypass
