This is how he could hijack Reddit accounts with just ONE click: a $10,000 bug bounty
Exploring Frans Rosén’s bypass of OAuth security
4 min read · Aug 4, 2022
Summary
Hijacking a random user's account can be a dream goal for many malicious hackers. It can happen through traditional methods such as data leaks and brute-forcing passwords, but with additional security measures such as 2FA or OAuth becoming more commonplace, it is (hopefully) becoming harder to simply guess and check.