Training Camp • Cybersecurity Glossary
OAuth Abuse Definition: OAuth abuse exploits authorization tokens and consent grants—often via consent phishing—to gain persistent access that bypasses passwords and MFA.
OAuth abuse is the exploitation of the OAuth authorization framework to gain persistent, token-based access to a victim's accounts and data. In a common variant called consent phishing or illicit consent grant, attackers trick users into approving a malicious third-party application, which then receives OAuth access tokens that bypass passwords and MFA and survive password resets. Because access relies on granted scopes rather than credentials, revoking the malicious app's consent is required to remove the attacker's access.
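A defender's review of existing consent grants, as an added example that is not part of the original glossary entry: it flags live grants to unapproved apps that hold data scopes, and notes when the consent has outlived a password reset. The scope names, app IDs, users and the `Grant` record layout are constructed assumptions, not any provider's API.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed scope names for illustration; map them to your provider's real scopes.
DATA_SCOPES = {"mail.read", "mail.send", "files.read.all"}
REFRESH_SCOPE = "offline_access"  # OIDC scope that requests refresh tokens

@dataclass(frozen=True)
class Grant:
    user: str
    app_id: str
    publisher_verified: bool
    scopes: frozenset
    granted_at: datetime
    revoked: bool = False

def review_grants(grants, password_resets, approved_apps):
    """Return (user, app_id, reasons) for live, unapproved grants holding data scopes."""
    findings = []
    for g in grants:
        if g.revoked or g.app_id in approved_apps:
            continue
        data = sorted(g.scopes & DATA_SCOPES)
        if not data:
            continue
        reasons = ["data scopes: " + ", ".join(data)]
        if REFRESH_SCOPE in g.scopes:
            reasons.append("can obtain refresh tokens")
        if not g.publisher_verified:
            reasons.append("unverified publisher")
        reset = password_resets.get(g.user)
        if reset is not None and reset > g.granted_at:
            reasons.append("consent still active after password reset")
        findings.append((g.user, g.app_id, reasons))
    return sorted(findings, key=lambda f: len(f[2]), reverse=True)

# Constructed sample inventory (not real tenants, apps or users).
SAMPLE_GRANTS = [
    Grant("alice", "app-1111", False, frozenset({"mail.read", "offline_access"}), datetime(2024, 3, 1)),
    Grant("bob", "app-2222", True, frozenset({"mail.read"}), datetime(2024, 2, 1)),
    Grant("carol", "app-3333", True, frozenset({"openid", "profile"}), datetime(2024, 1, 9)),
    Grant("dave", "app-1111", False, frozenset({"mail.read"}), datetime(2024, 3, 2), revoked=True),
]
SAMPLE_RESETS = {"alice": datetime(2024, 3, 5)}
APPROVED_APPS = {"app-2222"}

if __name__ == "__main__":
    for user, app_id, reasons in review_grants(SAMPLE_GRANTS, SAMPLE_RESETS, APPROVED_APPS):
        print(f"REVOKE CANDIDATE {user} -> {app_id}: " + "; ".join(reasons))
```

Each finding is a candidate for consent revocation; resetting the user's password alone does not clear it.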