Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Bypass on Sign In with Apple - 193

Bhavuk Jain, posted 5 years ago
  • Popular platforms such as Apple, Facebook and Google offer "Login with X" features, which let you log in to another site using your X account.
  • Sign In with Apple uses JSON Web Tokens (JWTs), which provide stateless authentication. Essentially, a token carrying the user's authorization levels is digitally signed by the server, and the signature prevents tampering with the token.
  • During the flow, a user can choose whether or not to share their email address. If they choose not to, Apple generates an email address for them.
  • The hacker found a signing oracle: by setting another user's email ID in the request, it was possible to get back a JWT signed by Apple.
  • This allowed a complete account takeover of any account that used Sign In with Apple.
  • Even the simplest bugs exist in the most heavily tested applications; when testing, check for the simple issues too.
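To make the "signing oracle" concrete, here is an added illustration (not code from the post or from Apple) of a minimal token-issuing endpoint: the vulnerable version signs whatever email the client supplies, while the fixed version binds the email claim to the authenticated session. The HMAC secret, session store and relay-address format are constructed assumptions for the demo.

```python
# Added illustration, not from the original post or Apple's code: a minimal model of an
# identity provider's token endpoint, vulnerable version beside the fixed one.
import base64
import hashlib
import hmac
import json

SERVER_SECRET = b"constructed-demo-secret"  # constructed; a real IdP uses an asymmetric key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_jwt(claims: dict) -> str:
    """Simplified HS256-style compact JWT: header.payload.signature."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SERVER_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

# Constructed session store: who is actually logged in at the provider.
SESSIONS = {"session-alice": {"sub": "user-1", "email": "alice@example.com"}}

def issue_token_vulnerable(session_id: str, request_body: dict) -> str:
    # Bug: the email claim is copied from the client's request, so any logged-in user
    # can obtain a validly signed token naming someone else's email (a signing oracle).
    if session_id not in SESSIONS:
        raise PermissionError("not authenticated")
    return sign_jwt({"sub": SESSIONS[session_id]["sub"], "email": request_body["email"]})

def issue_token_fixed(session_id: str, request_body: dict) -> str:
    # Fix: the email claim comes only from the authenticated session; the request may
    # only choose between the real address and a provider-generated relay address.
    session = SESSIONS.get(session_id)
    if session is None:
        raise PermissionError("not authenticated")
    email = session["email"]
    if request_body.get("hide_email"):
        email = f"{session['sub']}@relay.example.invalid"  # constructed relay format
    return sign_jwt({"sub": session["sub"], "email": email})

def decode_email(token: str) -> str:
    """Verify the signature, then return the email claim a relying party would trust."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SERVER_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(expected), sig):
        raise ValueError("bad signature")
    pad = "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload + pad))["email"]
```

Note that the relying party cannot catch this class of bug by verifying the signature more carefully: the token is genuinely signed, so the fix has to be on the issuing side.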