Some web applications use OAuth 2 as a login alternative. I found a way to access a client application using an unverified email (the victim's email) on an OAuth provider. If the OAuth provider allows an unverified email to use its OAuth service, this can be abused by the attacker. This is possible if the client directly logs in the user (via OAuth) when his email already exists in their records.


* User Joe has an account on CLIENT A using his email address [email protected], but does not have an OAuth provider account. The attacker knows that.

* Now the attacker creates a new OAuth provider account using [email protected].

* Because an unverified email can use the OAuth provider's OAuth, and CLIENT A is using the OAuth provider's OAuth as an alternative login, the attacker can now access the victim's client application (CLIENT A) account using the login alternative function.


You can try GitHub (OAuth provider) and https://sprint.ly/ (client).


https://www.dropbox.com/s/jhrgn311i0e28pc/hijackoauthclient_x264.mp4?dl=0
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

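The account-linking logic the post describes, as an added example that is not part of the original message and not code from any named provider or client: a small simulated client application whose OAuth callback receives a provider profile and must decide which local account to log in. `oauth_login_vulnerable` does what the post says the client does (match the provider email against existing accounts and log in), while `oauth_login_hardened` refuses to auto-link when the provider has not asserted the email as verified and otherwise keys on the (provider, provider user id) identity. The `ProviderProfile` shape, the `email_verified` flag, the `ClientApp` class and the sample addresses are all constructed for the example.

```python
"""Simulated OAuth login-by-email account linking: vulnerable vs hardened.

Constructed example. No real provider is contacted; the profile objects stand
in for what a client would receive after the authorization-code exchange.
"""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class LocalUser:
    user_id: int
    email: str
    # (provider, provider_user_id) pairs this account has been linked to.
    linked_identities: Set[Tuple[str, str]] = field(default_factory=set)


@dataclass
class ProviderProfile:
    """Identity data the client gets back from the provider (constructed shape).

    email_verified models an assertion such as OIDC's `email_verified` claim or
    a provider's per-address verified flag. Its absence is treated as False.
    """
    provider: str
    provider_user_id: str
    email: str
    email_verified: bool = False


class ClientApp:
    def __init__(self) -> None:
        self.users = {}  # normalized email -> LocalUser
        self._next_id = 1

    def register(self, email: str) -> LocalUser:
        """Ordinary (non-OAuth) sign-up; the account owns this email."""
        user = LocalUser(self._next_id, email.strip().lower())
        self._next_id += 1
        self.users[user.email] = user
        return user

    def link_identity(self, user: LocalUser, profile: ProviderProfile) -> None:
        """Explicit linking by an already-authenticated user (the safe path)."""
        user.linked_identities.add((profile.provider, profile.provider_user_id))

    def _find_by_identity(self, profile: ProviderProfile) -> Optional[LocalUser]:
        key = (profile.provider, profile.provider_user_id)
        for user in self.users.values():
            if key in user.linked_identities:
                return user
        return None

    def oauth_login_vulnerable(self, profile: ProviderProfile) -> Optional[LocalUser]:
        """The behaviour described in the post: any account whose email matches
        the provider-supplied email is logged in, verified or not."""
        return self.users.get(profile.email.strip().lower())

    def oauth_login_hardened(self, profile: ProviderProfile) -> Optional[LocalUser]:
        # 1. An identity the user previously linked is the primary key; the
        #    email is not consulted at all in that case.
        user = self._find_by_identity(profile)
        if user is not None:
            return user
        # 2. Never auto-link on an unverified email: the attacker controls
        #    what address they typed into the provider's sign-up form.
        if not profile.email_verified:
            return None
        # 3. Verified email only: auto-link and record the identity so that
        #    step 1 handles future logins. Whether to allow even this, or to
        #    require an explicit link after a password login, is a policy
        #    choice; this example allows it.
        user = self.users.get(profile.email.strip().lower())
        if user is not None:
            self.link_identity(user, profile)
        return user


def demo() -> Tuple[Optional[LocalUser], Optional[LocalUser]]:
    """Replay the post's scenario: Joe has a local account, the attacker
    registers at the provider with Joe's address but never verifies it."""
    app = ClientApp()
    app.register("joe@example.com")  # constructed victim address
    attacker = ProviderProfile("github", "attacker-4242", "joe@example.com",
                               email_verified=False)
    return app.oauth_login_vulnerable(attacker), app.oauth_login_hardened(attacker)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable client logs attacker in as:", vulnerable)
    print("hardened client logs attacker in as:", hardened)
```

The hardened path is what a client should key on: a provider account is identified by the provider's stable user id, not by an email string, and an email-based merge is only ever considered when the provider explicitly asserts it has verified that address.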