Twitter iOS fails to validate server certificate and sends OAuth token
Posted: Tue Oct 29, 2024 4:26 pm
The issue "Twitter iOS fails to validate server certificate and sends OAuth token" highlights a significant security flaw where the app does not properly validate the authenticity of the server it connects to. As a result, this vulnerability can expose sensitive OAuth tokens to potential interception by malicious actors, risking unauthorized access to user accounts.
https://hackerone.com/reports/168538