Google OAuth Vulnerability Exposes Millions via Failed Startup Domains -

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. “Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security…

January 14, 2025

New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.
“Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security co-founder and CEO Dylan Ayrey said

Evs

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

Leave a Reply Cancel reply

Related Posts

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

3 Actively Exploited Zero-Day Flaws Patched in Microsoft’s Latest Security Update