Back to directory
WRITEUP #789

Insecure Authentication Tokens leading to Account Takeover

Auth BypassAccount takeoverAndroidHardcoded credentialsWeak cryptoAuthentication bypassClient-side enforcement of server-side security
byThomas Delfino
Program
-
Published
Sep 18, 2023
Added to HackDex
Sep 22, 2023
Read Full Writeuphttps://www.vaadata.com/blog/insecure-authentication-tokens-leading-to-account-takeover/
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass
Forced SSO Session Fixation
Auth BypassSSO
Account takeover on 8 years old public program
Auth BypassAccount takeover
Breaking the Barrier: Admin Panel Takeover Worth $3500
Auth BypassAuthentication bypass

Built with ❤️ by Shubham Rawat