WRITEUP #4063

Weird functionality leads to Account Takeover (Millions of Users affected)

Tags: Auth Bypass, Account takeover, Broken authentication
by @nullr3x (Sahil Mehra)
Bounty: 4,000
Program: -
Published: Jan 27, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://nullr3x.medium.com/weird-functionality-leads-to-account-takeover-millions-of-users-affected-3fdf06be45
RELATED WRITEUPS
Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!
Tags: Auth Bypass, Broken authentication
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Tags: Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Tags: Auth Bypass, SSO
Account takeover on 8 years old public program
Tags: Auth Bypass, Account takeover

Built with ❤️ by Shubham Rawat