Author: Mosaad Sallam

Critical OTP Verification Flaw Enables Account Takeover: A Detailed Analysis

In today’s digital age, secure user authentication is paramount to protect sensitive information and maintain user trust. However, during a recent web application penetration test, I uncovered a critical security flaw in the OTP (One-Time Password) verification process of a popular web application. This vulnerability allows attackers to bypass OTP verification, potentially leading to unauthorized

Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms

During a recent penetration testing engagement at CyberAR, we uncovered a seemingly simple yet critically impactful vulnerability in a platform designed to sync WhatsApp with CRM systems. This platform allows teams to collaborate within workspaces, manage members, and work on projects together. The feature is central to the platform’s core business logic, making it an