One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
All content for Hacked & Secured: Pentest Exploits & Mitigations is the property of Amin Malekpour and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
Hacked & Secured: Pentest Exploits & Mitigations
One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
