Tag

Account_takeover

1 brief RSS

Ech0 OAuth Redirect URI Validation Bypass Vulnerability

Ech0's OAuth redirect URI validation ignores the path component, allowing attackers to craft malicious redirect URIs for exchange-code theft and potential account takeover.

github.com/lin-snow/Ech0 oauth redirect_bypass account_takeover web_application

2r 1t Jan 23, 2024