Hello Folks,
In this post, I am going to share a OAUTH Misconfiguration bug which ranges from P2 - P3 in bug crowd Taxonomy.
In this bug, attacker has forever access to victims account. You can find this bug where you have email login as well as Oauth login like Google, Facebook, Github etc.
Steps to find this vulnerability:
1. Make a account on "abc.com" with victims email address.
2. Now, Victim will create account through OAuth functionality and thus is not required to set password for his account.
3. You can access victims account through password you set in step 1.
Simple logic flaw, yet powerful.
Mitigation:
> Allow only OAuth sign up or Email address Sign up!
For any question you can text us on instagram @bug_xs.
Stay Safe. Stay Healthy.
Comments