Hunting Account Takeovers in the Wild West of MCP OAuth Servers
TL;DR: We discovered that many MCP (Model Context Protocol) servers powering AI integrations such as ChatGPT and Claude have critically misconfigured OAuth implementations. Open Dynamic Client Registration (DCR), combined with missing redirect URI validation and optional PKCE enforcement, creates a perfect storm for one-click account takeover attacks.
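As an added example (not code from the original post or from any MCP project), here is a minimal Python sketch of the authorization-server-side checks that close the three gaps named in the TL;DR: exact `redirect_uri` matching against the registered set, mandatory S256 PKCE, and binding of the authorization code to the client, redirect URI and challenge at the token endpoint. The client registry, URIs and in-memory code store are constructed sample values.

```python
import base64
import hashlib
import secrets

# Constructed sample registry; a real server fills this at (authenticated) DCR time.
CLIENTS = {"mcp-client-1": {"redirect_uris": {"https://app.example/oauth/callback"}}}
PENDING_CODES = {}  # code -> {client_id, redirect_uri, code_challenge}


def validate_authorize_request(client_id, redirect_uri, code_challenge, method):
    """Check a /authorize request against the three weaknesses in the TL;DR.
    Returns (ok, error) where error is an OAuth-style error string."""
    client = CLIENTS.get(client_id)
    if client is None:
        return False, "invalid_client"
    # Exact match against the registered set: no prefix, wildcard or host-only checks.
    if redirect_uri not in client["redirect_uris"]:
        return False, "invalid_redirect_uri"
    # PKCE is mandatory and only S256 is accepted ("plain" offers no real protection).
    if not code_challenge or method != "S256":
        return False, "pkce_s256_required"
    return True, None


def issue_code(client_id, redirect_uri, code_challenge, method):
    """Authorization endpoint: validate, then bind the code to what it was issued for."""
    ok, err = validate_authorize_request(client_id, redirect_uri, code_challenge, method)
    if not ok:
        return None, err
    code = secrets.token_urlsafe(32)
    PENDING_CODES[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                           "code_challenge": code_challenge}
    return code, None


def s256_challenge(verifier):
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def exchange_code(code, client_id, redirect_uri, code_verifier):
    """Token endpoint: single-use code, must match the bound client and redirect_uri,
    and the verifier must hash to the stored challenge (compared in constant time)."""
    rec = PENDING_CODES.pop(code, None)  # pop so a code can only be redeemed once
    if rec is None or rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
        return None, "invalid_grant"
    if not secrets.compare_digest(s256_challenge(code_verifier), rec["code_challenge"]):
        return None, "invalid_grant"
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}, None
```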