- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
OAuth Misconfiguration Leading to Pre-Account Takeover | Bug Bounty PoC
In this video, I demonstrate how an OAuth account-linking misconfiguration can lead to a pre-account takeover scenario.
The issue occurs when an attacker pre-registers an account using a victim’s email address, then the victim later signs in using OAuth, such as Google login. If the application incorrectly links or merges the OAuth identity with the pre-existing account without properly invalidating the attacker-controlled credentials, the attacker may retain access to the victim’s account.
This video is intended for educational and responsible disclosure purposes only. The demonstration is performed in a controlled environment and focuses on helping developers, security engineers, and bug bounty hunters understand the risks of insecure OAuth account linking.
#BugBounty #OAuth #PreAccountTakeover #CyberSecurity #AppSec #WebSecurity #EthicalHacking #AccountTakeover #OAuthSecurity #HackerOne #BugBountyTips #AuthenticationSecurity #SecurityResearch #Pentesting #OvawatchSec
Видео OAuth Misconfiguration Leading to Pre-Account Takeover | Bug Bounty PoC канала ovawatch security
The issue occurs when an attacker pre-registers an account using a victim’s email address, then the victim later signs in using OAuth, such as Google login. If the application incorrectly links or merges the OAuth identity with the pre-existing account without properly invalidating the attacker-controlled credentials, the attacker may retain access to the victim’s account.
This video is intended for educational and responsible disclosure purposes only. The demonstration is performed in a controlled environment and focuses on helping developers, security engineers, and bug bounty hunters understand the risks of insecure OAuth account linking.
#BugBounty #OAuth #PreAccountTakeover #CyberSecurity #AppSec #WebSecurity #EthicalHacking #AccountTakeover #OAuthSecurity #HackerOne #BugBountyTips #AuthenticationSecurity #SecurityResearch #Pentesting #OvawatchSec
Видео OAuth Misconfiguration Leading to Pre-Account Takeover | Bug Bounty PoC канала ovawatch security
Комментарии отсутствуют
Информация о видео
10 мая 2026 г. 22:03:19
00:06:37
Другие видео канала
Phases of Hacking Explained | Cybersecurity as a Game of Chess
HTML Injection : The Deceptive Trick That Steals Your Password
TryHackMe Billing Walkthrough — Full Foothold → Root (RCE & PrivEsc Explained)
Root Access
Default Deny
The Deceptive Trick That Steals Your Password #coding #programming #appsec #bugbounty
No Valid Path
2AM Blue Light
How a Simple Bug Can Steal Your Login Details #coding #programming #appsec #bugbounty
Web AppSec
Hacker Injects Malicious Code to Clone Login #coding #programming #appsec #bugbounty
