Category Web Security Academy

Learn to secure the web one step at a time, with our practical, interactive learning materials. Covering the latest research, and completely free.

Web Security Academy

Forced OAuth profile linking

Report: Vulnerability Type: Forced OAuth profile linkingVulnerable Lab: : HIGHPOC (Video) : (Attached) Description: Due to the insecure implementation of the OAuth flow by the client application, an attacker can manipulate this functionality to obtain access to other users’…

Kríshñéñdú Sâmâñtâ
January 4, 2021

Web Security Academy

Lab: Authentication bypass via OAuth implicit flow

Report: Vulnerability Type: Authentication bypass via OAuth implicit flowVulnerable Lab: : HIGHPOC (Video) : (Attached) Description: Lab uses an OAuth service to allow users to log in with their social media account. Flawed validation by the client application makes…

Kríshñéñdú Sâmâñtâ
January 4, 2021

R&D Center

140 West St, New York, 10007, US

Forced OAuth profile linking

Lab: Authentication bypass via OAuth implicit flow

Trending now