Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
(thehackernews.com)
from IllNess@infosec.pub to securitynews@infosec.pub on 16 Jan 2025 00:11
https://infosec.pub/post/22477029
from IllNess@infosec.pub to securitynews@infosec.pub on 16 Jan 2025 00:11
https://infosec.pub/post/22477029
New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.
threaded - newest