
Commit

Update MOBILE_CLIENT/COMMON/_HIGH/OAUTH_SCHEME_ACCOUNT_TAKEOVER/description.md

Co-authored-by: Alaeddine Mesbahi <[email protected]>
BlueSquare1 and 3asm authored Oct 6, 2023
1 parent 6c99753 commit 2a9a082
Showing 1 changed file with 1 addition and 1 deletion.
@@ -4,7 +4,7 @@ In a typical OAuth scenario, `redirect_uri` should be guaranteed to belong to th

An example attack scenario is when a malicious app claims the custom scheme used by some OAuth client application and triggers an OAuth authentication flow to the target app, once the user successfully performs login and consents they'll be redirected to the malicious app with the authentication token generated from the OAuth flow, allowing the malicious app to take over their account.

Attackers can bypass user interaction by leveraging certain techniques like express authentication flow or OAuth parameters that are meant to skip consent prompt if the user gave their consent before.
Attackers can **bypass user interaction** by leveraging certain techniques like express authentication flow or use OAuth parameters that are meant to skip the consent prompt if the user gave their consent before.

## Kotlin
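Review bot: the `+` line still has a parallelism problem: "by leveraging certain techniques like express authentication flow or use OAuth parameters" reads as "leveraging ... or use"; change it to "or using OAuth parameters" (or drop "use", as the `-` line had it). The sentence would also land better with one concrete parameter named, for example OpenID Connect's `prompt=none`, which instructs the authorization server to respond without any user interaction, so the skipped-consent path is tied to something a tester can try rather than to "certain techniques".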

