Episode 169: Attacking OAuth 2.1

Episode 169: Attacking OAuth 2.1

From Critical Thinking - Bug Bounty Podcast by Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)

April 9, 2026 · 30 min · Season 1 · Episode 169

About this episode

In this episode, the hosts discuss the changes from OAuth 2.0 to 2.1 and how hackers can exploit these changes.

Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how Hackers can capitalize. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/   ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today's Sponsor: Check out ThreatLocker Ringfencing https://www.criticalthinkingpodcast.io/tl-rf ====== This Week in Bug Bounty ====== Intigriti is providing free Burp Pro for Hackers! https://www.intigriti.com/blog/news/intigriti-collaborates-with-portswigger-to-support-ethical-hacking-excellence ======…

People in this episode

Hosts: Justin Gardner, Joseph Thacker, Brandyn Murtagh

Guest: gr3pme

Topics covered

  • OAuth 2.1
  • bug bounty
  • ethical hacking
  • security vulnerabilities
  • account takeover
  • PKCE Bypass

Keywords

  • OAuth
  • bug bounty
  • security
  • vulnerabilities
  • ethical hacking
  • account takeover
  • PKCE

Sponsors

ThreatLocker

Mentioned in this episode

Organizations: Intigriti, Cloudflare, ZeroPath, Django-allauth, PortsWigger, Critical Research Lab

Books & works: OAuth 2.0, OAuth 2.1

More episodes of Critical Thinking - Bug Bounty Podcast

Explore listener stats, chart rankings, contacts and more on the Critical Thinking - Bug Bounty Podcast podcast page.