OAuth security gaps at Grammarly (now remediated)
This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly.
The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user.
All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild.
In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.
For a more detailed analysis, please check out our blog post: https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts