Some web applications are using OAuth 2 technology as a login alternative. I found a way to access a client application using an unverified email (the victim's email) on an OAuth provider, if the OAuth provider allows an unverified email to use its OAuth service, which can be abused by the attacker. This is possible if the client provider directly logs in the user (using OAuth) if his email already exists in their records.

* User Joe has an account on CLIENT A using his email address [email protected], but does not have an OAuth provider account. The attacker knows that.
* Now the attacker creates a new OAuth provider account using [email protected].
* Because an unverified email can use the OAuth provider's OAuth, and CLIENT A is using the OAuth provider's OAuth as an alternative login, the attacker can now access the victim's client application (CLIENT A) account using the login alternative function.

You can try GitHub (OAuth provider) and https://sprint.ly/ (client): https://www.dropbox.com/s/jhrgn311i0e28pc/hijackoauthclient_x264.mp4?dl=0
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
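The client-side root cause described in this message is that the "log in with provider" path matches an OAuth identity to an existing local account by email alone. The following is an added example, not code from the original message or from any of the services named in it: it shows that vulnerable account-linking logic beside a hardened version that refuses to link unless the provider asserts the email as verified, plus a helper that reads the verified/primary flags from a GitHub-style `/user/emails` response. The user table, provider name and identities are constructed stand-ins.

```python
# Added example (not from the original message). Account-linking logic for a
# client application that offers "log in with <provider>" as an alternative
# to its own password login. Constructed data throughout.
from dataclasses import dataclass
from typing import Optional


# Constructed stand-in for the client's user table: email -> local user id.
LOCAL_ACCOUNTS = {"joe@example.com": "user-joe"}


@dataclass
class ProviderIdentity:
    provider: str
    subject: str          # stable user id at the provider (OIDC `sub`)
    email: Optional[str]
    email_verified: bool  # as asserted by the provider, never by the client


def primary_verified_email(emails: list) -> Optional[str]:
    """Extract a usable email from a GitHub-style /user/emails list
    ([{"email", "verified", "primary", ...}, ...]). Returns the primary
    address only if the provider marks it verified, else None."""
    for entry in emails:
        if entry.get("primary") and entry.get("verified"):
            return entry["email"].strip().lower()
    return None


def link_unsafe(identity: ProviderIdentity) -> Optional[str]:
    """Vulnerable: matches on email alone. An unverified provider account
    registered with the victim's address is treated as the victim."""
    if not identity.email:
        return None
    return LOCAL_ACCOUNTS.get(identity.email.strip().lower())


def link_safe(identity: ProviderIdentity) -> Optional[str]:
    """Hardened: an email the provider has not verified never matches an
    existing local account. Callers should then fall back to the normal
    password login or an explicit, authenticated 'connect account' step."""
    if not identity.email or not identity.email_verified:
        return None
    return LOCAL_ACCOUNTS.get(identity.email.strip().lower())


# Constructed identities: the attacker's provider account carries the victim's
# address but was never verified; the victim's own account is verified.
ATTACKER = ProviderIdentity("exampleprovider", "9999", "Joe@Example.com", False)
VICTIM = ProviderIdentity("exampleprovider", "1234", "joe@example.com", True)
```

For OpenID Connect providers the same decision hinges on the `email_verified` claim in the ID token or UserInfo response; a missing claim should be treated as unverified.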
