Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
2 posts ← reset filters
CVE analysis of Flask-Security-Too 5.8.0's OAuth reauthentication bypass where verifying a different user's OAuth identity marks the session as fresh, enabling privilege escalation.
A high-severity improper authentication flaw in Motorola's pre-installed Factory Test app (com.motorola.motocit) exposes a writable file descriptor in external storage, letting any local app escalate privileges without user interaction.