writeups.xyz / Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover

Submitter : c2a

Date: 10 March 2023

Bounty : undisclosed

Vulnerabilities :

• Authorization Bypass
• JWT
• Account Takeover

Programs :

• Microsoft (ClipChamp)

Authors :

• Vikas Anil Sharma (@Vikzsharma)

Link :
https://blog.agilehunt.com/blogs/security/msrc-critical-google-iap-authorization-bypass-allows-access-to-internal-envirnment-leading-to-zero-interaction-account-takeover