Google OAuth Vulnerability Exposes Millions via Failed Startup Domains,
New research has pulled back the curtain on a « deficiency » in Google’s « Sign in with Google » authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.
« Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees, » Truffle Security co-founder and CEO Dylan Ayrey said
« Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees, » Truffle Security co-founder and CEO Dylan Ayrey said
,
New research has pulled back the curtain on a « deficiency » in Google’s « Sign in with Google » authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.
« Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees, » Truffle Security co-founder and CEO Dylan Ayrey said
« Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees, » Truffle Security co-founder and CEO Dylan Ayrey said
, ,
https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html