OAUTH MISCONFIGURATION LEADS TO PRE ACCOUNT TAKEOVER
Hello everyone!!
Hope you are doing good. This is my second write-up. If you have not gone through my first one, do check it out here -> https://link.medium.com/pewrVK1RHtb . The vulnerability in this second Medium write-up is OAUTH MISCONFIGURATION LEADS TO PRE ACCOUNT TAKEOVER.
Let's get started!!
What is OAuth misconfiguration??
The most infamous OAuth-based vulnerability is when the configuration of the OAuth service itself enables attackers to steal authorization codes or access tokens associated with other users' accounts.
As usual I was surfing on Bugcrowd, and I came across a program. Let's call it Redacted.com. [At the end of the day, they changed the program to private.] So I have been using the program name Redacted.com. As I went through it I came to the login page and decided to hunt there, where I saw that it uses OAuth methods such as Google, Microsoft and Facebook to sign up, plus the normal way to sign up with name and work email. So I decided to try for an OAuth vulnerability.
STEPS TO REPRODUCE THE VULNERABILITY:
- Go to https://redacted and sign up using the victim's email address, which is not yet registered.
- After some time the victim signs up using the OAuth method.
- What happens here is that the victim is logged straight into the account that was pre-registered with the victim's email, so the email verification step is bypassed.
OR
- Sign up for victim@gmail.com using email signup
- Sign up through Google login using the same email
- The user will be logged in
- This vulnerability is of very high severity because it is trivial to exploit and gives complete account access if the victim creates an account.
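To make the two reproduction paths concrete, here is an added, self-contained model of the account-linking logic behind this bug. It is example code written for this write-up, not code from Redacted.com or from any real OAuth library; the `AccountService` class, the `auto_link_unverified` switch and the constructed addresses are all assumptions. With `auto_link_unverified=True` the service behaves like the vulnerable site (an OAuth login for an email that already has an unverified password account simply lands in that account, so the attacker's password keeps working). With `auto_link_unverified=False` the service treats the identity provider's verified email as the only proof of mailbox ownership and discards the pre-registered credentials and sessions before linking.

```python
import hashlib
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class User:
    email: str
    password_hash: Optional[bytes] = None   # None once the password credential is discarded
    salt: bytes = b""
    email_verified: bool = False            # True only after mailbox ownership was proven
    linked_providers: Set[str] = field(default_factory=set)
    sessions: Set[str] = field(default_factory=set)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountService:
    """Hypothetical in-memory account store; auto_link_unverified=True reproduces the bug."""

    def __init__(self, auto_link_unverified: bool) -> None:
        self.users: Dict[str, User] = {}
        self.auto_link_unverified = auto_link_unverified

    def signup_with_email(self, email: str, password: str) -> User:
        email = email.lower()
        if email in self.users:
            raise ValueError("email already registered")
        salt = os.urandom(16)
        user = User(email, _hash_password(password, salt), salt)
        self.users[email] = user   # created unverified: no confirmation link was ever clicked
        return user

    def login_with_password(self, email: str, password: str) -> Optional[str]:
        user = self.users.get(email.lower())
        if user is None or user.password_hash is None:
            return None
        if not secrets.compare_digest(user.password_hash, _hash_password(password, user.salt)):
            return None
        return self._new_session(user)

    def login_with_oauth(self, provider: str, email: str, provider_says_verified: bool) -> Optional[str]:
        if not provider_says_verified:
            return None   # never link on an email the identity provider has not itself verified
        email = email.lower()
        user = self.users.get(email)
        if user is None:
            user = User(email, email_verified=True)
            self.users[email] = user
        elif not user.email_verified and not self.auto_link_unverified:
            # Hardened path: the provider vouches for the mailbox owner, but the
            # pre-registered password account never did. Drop its credentials and
            # sessions so whoever created it (possibly an attacker) loses access.
            user.password_hash = None
            user.salt = b""
            user.sessions.clear()
        # Vulnerable path (auto_link_unverified=True) falls through and links silently.
        user.email_verified = True
        user.linked_providers.add(provider)
        return self._new_session(user)

    def _new_session(self, user: User) -> str:
        token = secrets.token_hex(16)
        user.sessions.add(token)
        return token


def run_scenario(auto_link_unverified: bool) -> dict:
    """Replay the write-up's steps: attacker pre-registers the victim's email, victim then uses OAuth."""
    svc = AccountService(auto_link_unverified)
    # Constructed sample data: the attacker registers the victim's address with a password of their choosing.
    svc.signup_with_email("victim@example.com", "attacker-chosen-password")
    attacker_early = svc.login_with_password("victim@example.com", "attacker-chosen-password")
    victim_session = svc.login_with_oauth("google", "victim@example.com", True)
    attacker_late = svc.login_with_password("victim@example.com", "attacker-chosen-password")
    user = svc.users["victim@example.com"]
    return {
        "victim_logged_in": victim_session is not None,
        "attacker_password_still_works": attacker_late is not None,
        "attacker_old_session_alive": attacker_early in user.sessions,
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(True))
    print("hardened:  ", run_scenario(False))
```

Running the block prints the two outcomes side by side: in the vulnerable configuration the victim is logged in but the attacker's password and earlier session survive, which is exactly the pre-account-takeover condition; in the hardened configuration only the OAuth-backed identity retains access. The same defence can equally be implemented by refusing to link until the local account's email is verified; the essential point is that an unverified local registration must never be treated as proof of ownership.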
I reported it on the 17th of AUG and they replied to me on the 18th of AUG that it was a duplicate.
After waiting just 2 mins, they changed the state from duplicate to accepted. And now I was like
So it was accepted and they rewarded me with 10 Points.
Thanks for reading!!