From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition
Abstract: Just one click on a malicious link → account takeover. No phishing, no malware. I discovered a security flaw in a popular desktop app’s OAuth flow that let me steal any user’s account just
Dec 1, 2025 · 9 min read · 1.9K
