writeups.xyz / Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web

Submitter : c2a

Date: 20 May 2022

Bounty : undisclosed

Vulnerabilities :

• Account Takeover
• Pre-Hijacking Attack

Programs :

• Dropbox
• Meta / Facebook
• LinkedIn
• WordPress
• Zoom

Authors :

• Avinash Sudhodanan (@Sudoavi)
• Andrew Paverd (@Ajpaverd)

Link :
https://arxiv.org/pdf/2205.10174.pdf