
OAuth Redirect Abuse Lets Attackers Bypass MFA Without Stealing Tokens
A recently disclosed attack technique allows threat actors to bypass multi-factor authentication (MFA) by abusing OAuth redirect flows. The method does not require stealing tokens or credentials but instead exploits misconfigurations in OAuth implementations. Attackers manipulate redirect URIs to gain unauthorized access to user accounts. The issue affects certain identity providers and applications using OAuth.
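
The article does not say which misconfiguration is involved. As an added illustration (not code from the article or from any identity provider), the sketch below assumes one well-known class, loose prefix matching of `redirect_uri` at the authorization server, and contrasts it with exact string matching against pre-registered URIs. The client, hostnames and function names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed registration for a hypothetical client (not from the article).
REGISTERED_REDIRECTS = {"https://app.example.com/oauth/callback"}
WEAK_PREFIX = "https://app.example.com"


def weak_check(redirect_uri):
    """Loose prefix match: the misconfiguration this example assumes."""
    return redirect_uri.startswith(WEAK_PREFIX)


def strict_check(redirect_uri, registered=REGISTERED_REDIRECTS):
    """Exact string comparison against registered URIs, with a reason on failure."""
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False, "unparseable"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo present"
    if "#" in redirect_uri:
        return False, "fragment present"
    if redirect_uri not in registered:
        return False, "not an exact match for a registered URI"
    return True, "ok"


# Constructed sample authorization requests.
SAMPLES = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com.attacker.invalid/oauth/callback",
    "https://app.example.com@attacker.invalid/oauth/callback",
    "http://app.example.com/oauth/callback",
]


def compare(samples=SAMPLES):
    """Return (uri, weak_result, (strict_result, reason)) for each sample."""
    return [(u, weak_check(u), strict_check(u)) for u in samples]


if __name__ == "__main__":
    for uri, weak, (strict, reason) in compare():
        print(f"weak={weak!s:5} strict={strict!s:5} {reason:40} {uri}")
```

The second and third samples pass the prefix check but are rejected by the exact-match check, which is why authorization servers should compare the full registered string rather than a prefix or host pattern.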