How I Hijacked OAuth Tokens Through a Parallel Auth Flow Race Condition — $8500 P1 Bug Bounty
Summary
A race condition in an OAuth authorisation flow allowed an attacker to hijack a user's OAuth token and, with it, take over that user's account on the affected service.
OAuth 2.0 is an authorisation framework that lets a user grant a website or application scoped access to their data on another service without handing over their credentials. In the authorisation code grant, the user is redirected back to the client with a short-lived code, which the client then exchanges at the provider's token endpoint for an access token.
RFC 6749 (section 4.1.2) requires an authorisation code to be single-use and bound to the client and redirect URI it was issued for. In general, if a token endpoint checks a code and only later marks it as used, two redemptions running in parallel can both pass the check, and an attacker who manages to get their own redemption into that window ends up holding a valid token for the victim's account. That is the class of bug behind a parallel-flow race in the code grant.
The researcher attributes the issue to a misconfiguration in the provider's OAuth setup and reports gaining access to the target's account by manipulating the URL used in the flow.
The finding is a reminder that OAuth is only as secure as its implementation: the protocol's guarantees rest on the authorisation server enforcing single-use codes atomically, validating the redirect URI against the registered one, and checking state (and PKCE where used), and a weakness in any of these can hand an attacker a live token.
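To make the race concrete, the following is an added illustration written for this page; it is not the researcher's code or the affected provider's, and it does not reproduce the reported bug, whose request details the summary does not give. It models a token endpoint that checks an authorisation code and marks it used in two separate steps, beside one that does both in a single critical section and revokes previously issued tokens on replay, as RFC 6749 section 4.1.2 recommends. The in-memory server, the client id `app`, the redirect URI and the user `alice` are all constructed for the example.

```python
"""Authorisation-code double-spend race: non-atomic vs atomic consumption.

Toy in-memory model constructed for this illustration; not a real provider's code.
"""
import secrets
import threading
from dataclasses import dataclass


@dataclass
class AuthCode:
    client_id: str
    redirect_uri: str
    user: str
    used: bool = False


class AuthServer:
    def __init__(self, atomic: bool, race_hook=None):
        self.codes = {}            # code -> AuthCode
        self.tokens_by_code = {}   # code -> [access tokens issued for it]
        self.revoked = set()
        self.lock = threading.Lock()
        self.atomic = atomic
        # Runs in the window between "code looks valid" and "code marked used".
        # The tests pass a Barrier here to force parallel exchanges into that window.
        self.race_hook = race_hook or (lambda: None)

    def authorize(self, client_id: str, redirect_uri: str, user: str) -> str:
        """Authorisation endpoint: issue a fresh code bound to client and redirect URI."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = AuthCode(client_id, redirect_uri, user)
        self.tokens_by_code[code] = []
        return code

    def _consume_vulnerable(self, code):
        entry = self.codes.get(code)
        if entry is None or entry.used:
            return None
        self.race_hook()          # TOCTOU window: a parallel request passes the same check
        entry.used = True
        return entry

    def _consume_atomic(self, code):
        with self.lock:           # check-and-mark is one critical section: no window exists
            entry = self.codes.get(code)
            if entry is None:
                return None
            if entry.used:
                # Replayed code: deny, and revoke every token already issued for it.
                self.revoked.update(self.tokens_by_code[code])
                return None
            entry.used = True
            return entry

    def token(self, code: str, client_id: str, redirect_uri: str):
        """Token endpoint: redeem a code for an access token, or None on failure."""
        consume = self._consume_atomic if self.atomic else self._consume_vulnerable
        entry = consume(code)
        if entry is None:
            return None
        if entry.client_id != client_id or entry.redirect_uri != redirect_uri:
            return None           # binding mismatch; the code is burned either way
        tok = secrets.token_urlsafe(24)
        self.tokens_by_code[code].append(tok)
        return tok

    def is_valid(self, tok) -> bool:
        if tok is None or tok in self.revoked:
            return False
        return any(tok in issued for issued in self.tokens_by_code.values())


def race_exchange(atomic: bool, parallel: int = 2) -> int:
    """Redeem ONE code from `parallel` threads at once; return how many got a token."""
    barrier = threading.Barrier(parallel)
    server = AuthServer(atomic=atomic, race_hook=barrier.wait)
    code = server.authorize("app", "https://app.example/cb", "alice")
    results = [None] * parallel

    def worker(i):
        results[i] = server.token(code, "app", "https://app.example/cb")

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(parallel)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(r is not None for r in results)


def replay_exchange(atomic: bool):
    """Redeem a code twice in sequence; return (first token still valid?, second got token?)."""
    server = AuthServer(atomic=atomic)
    code = server.authorize("app", "https://app.example/cb", "alice")
    first = server.token(code, "app", "https://app.example/cb")
    second = server.token(code, "app", "https://app.example/cb")
    return server.is_valid(first), second is not None
```

With `atomic=False`, every thread that reaches the barrier has already passed the "not yet used" check, so `race_exchange(False)` returns 2 (and 3 for three threads): one code, several live tokens. With `atomic=True` the check and the mark happen inside one lock, so exactly one exchange wins, and `replay_exchange(True)` shows the earlier token being revoked when the code is replayed. In a real deployment the lock corresponds to a conditional update on the code row (consume only where `used = false`, and treat zero affected rows as a replay), not a process-local mutex, since the token endpoint usually runs on several instances.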