[Priceline] Account takeover via Google OneTap ($1500 USD)
Original Post:
We discussed this vulnerability during Episode 145 on 16 May 2022.
An authentication bug in Priceline's use of Google OneTap. The problem is that Priceline assumed emails provided through Google OneTap are verified and authentic. While this is true for regular Google authentication, OneTap expects you to check the `email_verified` field to ensure the email is valid, which Priceline didn't do. This made it possible for an attacker to register the domain of a victim's email with G Suite (even if they didn't own or verify it) and then log in to the victim's account through OneTap.
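The missing check, shown beside a hardened account lookup, as an added example (not Priceline's code). It assumes the ID token's signature, `iss`, `aud` and `exp` were already validated; the account store, function names and sample claims are hypothetical and constructed.

```python
def sample_accounts():
    # Constructed user store keyed by email; google_sub is the linked Google subject id.
    return {"victim@example.com": {"id": 1, "google_sub": None}}


def login_vulnerable(claims, accounts):
    """Trusts the email claim alone, which is the flaw described above."""
    return accounts.get(claims["email"].lower())


def login_hardened(claims, accounts):
    """Resolve an account from verified ID-token claims, or return None."""
    sub = claims.get("sub")
    if not sub:
        return None
    # 1. Prefer the stable subject id: it does not change if an email is reassigned.
    for acct in accounts.values():
        if acct["google_sub"] == sub:
            return acct
    # 2. Never match on email unless Google says it is verified.
    #    Accept the boolean, and the string form some decoders produce.
    if claims.get("email_verified") not in (True, "true"):
        return None
    acct = accounts.get(claims.get("email", "").lower())
    # 3. Link by email only when no Google identity is linked yet.
    if acct is not None and acct["google_sub"] is None:
        acct["google_sub"] = sub
        return acct
    return None


# Constructed claims: an unverified Workspace identity using the victim's address.
UNVERIFIED = {"sub": "attacker-sub-0001", "email": "victim@example.com",
              "email_verified": False}
# Constructed claims: the real owner, with a verified address.
VERIFIED = {"sub": "owner-sub-0002", "email": "victim@example.com",
            "email_verified": True}

if __name__ == "__main__":
    print("vulnerable:", login_vulnerable(UNVERIFIED, sample_accounts()))
    print("hardened:  ", login_hardened(UNVERIFIED, sample_accounts()))
```

Once an account is linked to a `sub`, later logins match on that id, so a different Google identity presenting the same email is refused.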