Redacted bugs #2: Privilege escalation using improper preservation of permissions during the OAuth app installation

May 31, 2023 · 4 min · 837 words

Redacted bugs #1: Chaining a lack of values correlation, linear growth of attempts, and other omissions in OTP implementations to achieve 2 ATOs

This post describes two account takeover vulnerabilities without user interaction resulting from multiple omissions in the OTP implementations.

January 19, 2023 · 10 min · 2001 words

Multi-factor authentication security testing and possible bypasses

This post describes 11 ways of bypassing MFA.

January 9, 2020 · 16 min · 3365 words