Black & White Path
Apr 13, 2026 · Information Security
Cracking a “Fortress” OAuth redirect_uri: A Deep Technical Dive
The article dissects a custom OAuth implementation in a major automotive company's identity system, explains why the redirect_uri is the critical attack surface, and details how systematic fuzzing and a double‑encoding payload ultimately bypass the strict URL validation to hijack user accounts.
OAuth · URL fuzzing · authentication vulnerability
