IP Spoofing to Account Takeover: You Patched It? Really?
Abstract In my previous article, I described how I found a security flaw in a popular desktop app's OAuth flow that allowed me to steal any user's account with just one click. I reported it, saw it pa
Feb 20, 20267 min read611
