Improper Access Control - Generic (CWE-284)
Unauthenticated OAuth Token Leading to Access to Protected APIs
What started as a simple JavaScript analysis ended in a broken OAuth flow that allowed unauthenticated access to protected APIs — and a €1500 bug bounty reward.
Mar 6, 2026
CVSS 9.8
€1,500