Broken Authentication | writeups.xyz

Title	Vulnerabilities	Programs	Authors
CVE-2020-13294	Broken Authentication OIDC OAuth	GitLab	Lauritz Holtmann (@_Lauritz_)
How I earned $500 from Google - Flaw in Authentication	Broken Authentication	Google	Hemant Patidar (@HemantSolo)
Account Takeover For The Win 🏆	Account Takeover Broken Authentication Password Reset	Undisclosed	Ricardo Iramar Dos Santos (@Ricardo_iramar)
How Netgear meshed(*) up WiFi for Business	Weak Crypto Broken Authentication	Netgear	Thorsten Schröder
[ BUG BOUNTY ] Flaw in Authentication ( Hall of Fame Google )	Broken Authentication	Google	Danang Tri Atmaja (@Danangtriatmj)
Instagram account is reactivated without entering 2FA ($500)	2FA / MFA Bypass Broken Authentication	Meta / Facebook	Aman Shahid (@Amansmughal)
How did I bypass a Custom Brute Force protection and why that solution is not a good idea?	Bruteforce Broken Authentication	Undisclosed	Dortz
Swiss_E-Voting_Publications	XSS XXE RCE Missing Authentication Broken Authentication Hardcoded Credentials	Swiss E-Voting	Setuid0 (@_Setuid0_)
How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)	Logic Flaw Broken Authentication	Google Microsoft Meta / Facebook	Luke Berner
Bypass HackerOne 2FA requirement and reporter blacklist	Logic Flaw 2FA / MFA Bypass Broken Authentication	HackerOne	Japz Divino (@Japzdivino)
Bug bounty left over (and rant) Part III (Google and Twitter)	OAuth Broken Authentication Information Disclosure	Google Twitter	Antonio Sanso (@Asanso)
Password Not Provided - Compromising Any Flurry User's Account [Yahoo Bug Bounty]	Broken Authentication Account Takeover	Yahoo! / Verizon Media	Jack Cable (@Jackhcable)
Vine Re-auth Bypass [Twitter Bug Bounty]	Broken Authentication	Twitter	Abdullah Hussam (@Abdulahhusam)
A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)	Broken Authentication SQL Injection	ESET	Mohamed A. Baset

Page 2 of 2