OTP Leaking Through Cookie Leads to Account Takeover
Original Post:
We discussed this vulnerability during Episode 175 on 12 December 2022
The title is all you really need on this one, the OTP was reflected in the cookies so no need to actually receive it.