‘Log in with…’ Feature Allows Full Online Account Takeover for Millions

October 24, 2023 at 08:05AM

Flaws in the implementation of the OAuth standard across Grammarly, Vidio, and Bukalapak may have allowed attackers to take over user accounts and engage in fraudulent activities. Salt Labs researchers discovered API misconfigurations, which could potentially affect other compromised sites. This issue, referred to as a “Pass-The-Token” flaw, allows attackers to …