PRE-ACCOUNT TAKEOVER through Oauth misconfiguration on a mailing website


Harish


About the vulnerability:

If an application lets users authenticate with their Gmail address through Google SSO, the system must check whether an account for that email address already exists before treating the SSO login as that account's owner. When the OAuth flow is misconfigured, an attacker can first create an account with the victim's email address without ever verifying it; when the victim later signs up through Google SSO, they land in the attacker's pre-created account. This is a pre-account takeover.

Introduction:

The vulnerability has not yet been resolved, so let's call the website mail.com. mail.com has two security flaws which together lead to pre-account takeover. They are:

1. When a user signs up on mail.com, the website grants partial access to the account and redirects the user to the dashboard without verifying the email address.

2. There is a Google OAuth signup option available to users. The OAuth flow must check whether the email address already has an account on the website. If an account already exists, it should ask the user to set a new password. Instead, the website skips the signup step and the password prompt and logs the user directly into the existing account without a password.
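The two flaws above combine into one logic bug in the OAuth callback: an existing account is matched by email alone and logged straight in, whether or not anyone ever proved control of that address. The following is an added example, not code from the post or from the affected site; it models the vulnerable callback beside a hardened one. The account store, the `google_sub` identifier (Google's stable user id from the ID token), the `email_verified` flag and the outcome strings are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Account:
    email: str
    password_hash: Optional[str]      # None when the account is SSO-only
    email_verified: bool
    google_sub: Optional[str] = None  # assumed: Google's stable user id once linked
    session_version: int = 0          # bumping this invalidates every existing session


class AccountStore:
    """Hypothetical in-memory account table used by both callbacks."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}


def signup_with_password(store: AccountStore, email: str, password_hash: str) -> Account:
    """Flaw 1 from the post: the local signup creates a usable account
    before the email address has been verified."""
    acct = Account(email=email.lower(), password_hash=password_hash, email_verified=False)
    store.accounts[acct.email] = acct
    return acct


def oauth_login_vulnerable(store: AccountStore, email: str, google_sub: str) -> Account:
    """Flaw 2 from the post: the OAuth callback looks the account up by email and
    logs the SSO user into it, keeping whatever password the pre-registrant set."""
    acct = store.accounts.get(email.lower())
    if acct is None:
        acct = Account(email=email.lower(), password_hash=None,
                       email_verified=True, google_sub=google_sub)
        store.accounts[acct.email] = acct
    return acct


def oauth_login_hardened(store: AccountStore, email: str,
                         email_verified: bool, google_sub: str) -> Tuple[str, Optional[Account]]:
    """Hardened callback. Returns (outcome, account); account is None when no session
    may be issued. Outcome strings are assumptions made for this example."""
    email = email.lower()
    if not email_verified:
        # Never trust an IdP email claim that the IdP itself has not verified
        return ("rejected_unverified_idp_email", None)
    acct = store.accounts.get(email)
    if acct is None:
        acct = Account(email=email, password_hash=None,
                       email_verified=True, google_sub=google_sub)
        store.accounts[email] = acct
        return ("created", acct)
    if acct.google_sub is not None:
        # Already linked: match on the IdP's stable id, never on email alone
        if acct.google_sub == google_sub:
            return ("logged_in", acct)
        return ("rejected_sub_mismatch", None)
    if not acct.email_verified:
        # Pre-registered by someone who never proved control of this address, while
        # the SSO user just did. Treat the pre-registration as untrusted: drop its
        # password, kill its sessions, then link the account to this Google user.
        acct.password_hash = None
        acct.session_version += 1
        acct.email_verified = True
        acct.google_sub = google_sub
        return ("claimed_and_reset", acct)
    # A verified local account with no Google link: require the password (or an
    # emailed confirmation) before linking instead of silently merging
    return ("link_requires_reauth", None)
```

In the vulnerable path the attacker's password survives the victim's SSO signup, which is exactly the shared-account condition the post describes. The hardened path gives the attacker nothing: the unverified pre-registration is wiped when its rightful owner arrives through Google, and any later login is matched on the stable `google_sub` rather than on the email string.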

Attack scenario:

An attacker creates an account using the victim's email address and gets partial (unverified) access. Now suppose the victim wants to use mail.com. If the victim signs up using his/her email…
