2 matches found
Improper Authentication
Mattermost is vulnerable to Improper Authentication. The vulnerability stems from insecure OAuth credential handling: Google OAuth credentials are not cleared when user accounts are converted to bot accounts, enabling unauthorized access via the Google OAuth signup flow...
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to...