Comment by ratg13

Comment by ratg13 4 days ago

0 replies

View on Hacker News

Every provider has their own set of flaws.

Microsoft had a flaw for awhile where you could just change a user’s email to anything with no verification.. and if the SSO implementer was only checking the email field, you could impersonate anyone.