
Hi everyone, I am socalledhacker. I am a security researcher, penetration tester, certified ethical hacker and a web3 noob. In the past months I have discovered lots of bugs, but in today’s article we are going to discuss OAuth Misconfiguration Pre-Account Takeover, which I discovered recently, so without further delay let’s start….
OAuth Misconfiguration Pre-Account Takeover
I discovered lots of OAuth misconfiguration pre-account takeover bugs in the past, and this is the bug I have found the most. In almost every program I hunt on that has a login feature via OAuth, I got OAuth misconfiguration pre-account takeover, because the OAuth function is not easy to implement securely, so developers always make mistakes in configuration, which is the cause of this bug, and it is also complex to implement.
So let’s talk about how to find/test this bug. Let’s say you have a target which has a login function via OAuth. Create an account using your email address; a verification link will be sent to your email address, don’t verify it.
Now log out of your account and create an account with the same email address, but this time use OAuth via Google.
By doing that, both accounts (normal signup and signup via Google) are linked to each other but also work independently: you can access the account both via email and password and via SSO.
Now you think what’s the impact of this – “Wait a little, have some patience”
Think about it like this: if an attacker has your email address, he can create an account on a website that has the OAuth misconfiguration pre-account takeover vulnerability, and the email verification link goes to your email address. After some time you create an account on the same website using SSO, so both accounts are linked together, and the attacker can access the account via email and password while you are using it via SSO. Now tell me in the comments whether it has impact or not?
As always time for POC…. 🙂
Description:- OAuth is an authorization framework used to identify and authenticate users for an application. There are a number of implementation misconfigurations which can lead to an OAuth framework being implemented insecurely. These misconfigurations can lead to a broad range of issues which could allow an attacker to manipulate or retrieve sensitive data and potentially bypass the authentication process.
Steps to reproduce:-
1 – Go to https://www.example.com
2 – Register on the target using victim@gmail.com using email registration
3 – A verification process will be done (don’t verify it)
4 – Now the victim will use his OAuth account (victim@gmail.com) for registration, and he will be logged in
5 – The attacker can now log in to the victim’s account using normal login (email and password), and the victim can use the same account using OAuth.
Impact:- OAuth misconfiguration leads to pre-account takeover, granting attackers unauthorized access to user accounts and sensitive data. This breach can result in data theft, financial loss, and erosion of user trust. The exploited accounts may be used for further attacks, including phishing and social engineering. Legal and compliance issues may arise due to failure in protecting user data. Overall, the impact can be severe, affecting both users and the organization’s reputation and finances.
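The behaviour in the steps above comes down to how the OAuth callback links an identity to an existing record. The sketch below is an added example, not code from any affected program: the `UserStore` model and its function names are hypothetical, and the hardened variant assumes the identity provider reports whether the email address is verified.

```python
import hashlib, hmac, os

# Hypothetical in-memory user store; every name here is illustrative.
def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def _record(pw=None, salt=None, verified=False, sub=None):
    return {"pw": pw, "salt": salt, "verified": verified, "oauth_sub": sub}

class UserStore:
    def __init__(self):
        self.users = {}  # normalized email -> account record

    def signup_password(self, email, password):
        salt = os.urandom(16)
        self.users[email.lower()] = _record(_hash(password, salt), salt)

    def login_password(self, email, password):
        u = self.users.get(email.lower())
        if not u or u["pw"] is None:
            return False
        return hmac.compare_digest(u["pw"], _hash(password, u["salt"]))

    def oauth_login_vulnerable(self, email, sub, email_verified_by_idp):
        # Flaw: merges into the unverified record and keeps its pre-set password.
        u = self.users.setdefault(email.lower(), _record())
        u["oauth_sub"], u["verified"] = sub, True
        return True

    def oauth_login_hardened(self, email, sub, email_verified_by_idp):
        if not email_verified_by_idp:
            return False  # never link on an address the IdP has not verified
        u = self.users.get(email.lower())
        if u is None or not u["verified"]:
            # An unverified local record proves nothing about ownership:
            # replace it, dropping its password (also revoke its sessions).
            self.users[email.lower()] = _record(verified=True, sub=sub)
            return True
        if u["oauth_sub"] not in (None, sub):
            return False  # already linked to a different identity
        u["oauth_sub"] = sub
        return True

def password_survives_oauth(hardened):
    """Replay the article's steps; True means the pre-set password still works."""
    store = UserStore()
    store.signup_password("victim@example.test", "pre-set-password")  # constructed
    flow = store.oauth_login_hardened if hardened else store.oauth_login_vulnerable
    flow("victim@example.test", "idp-sub-1", True)
    return store.login_password("victim@example.test", "pre-set-password")
```

When retesting a fix, the check to repeat is the last line of `password_survives_oauth`: the password set before verification must stop working once the OAuth sign-in has completed.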
Check reports of OAuth Misconfiguration Pre-Account Takeover
https://hackerone.com/reports/1074047
https://hackerone.com/reports/1212374
That’s it for this article. I will upload more articles related to web2 bugs, covering all P4 to P1 bugs, in the near future, so stay tuned … 🙂