Image for post
Image for post

Hello everyone, hope you are having a great day. Today I am going to talk to you about an interesting bug that I found on a private program on HackerOne.

It is one of the most popular investing apps on the market. I can not disclose the name of the program since the vulnerability is not fixed yet. The application allowed its users to login with its own authentication system or Social Authentication (Google and Facebook). The flaw was in the ‘Login with Google/ Facebook’ functionality as there was no ‘Disconnect from Google/ Facebook’ feature available. Once a social account was associated with an email, it was forever added and can't be unlinked. …

About

Kushal Dhakal

Last name “hungry”, first name “always”.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store